Simplifying Linux installations will be a priority at LinuxWorld.

Users and vendors need to find ways to keep user groups in business, says SmithBucklin’s Julie Silverstein.

An employee unintentionally transmits a computer virus to a business partner, and it causes thousands of dollars in damage. Is your company liable? Some legal experts predict that you may be hauled into court to find out. Page 37


EXPOSURE 


Cisco Flaw Raises Concerns, But Attacks Deemed Difficult

IT managers put trust in defensive measures; router vulnerability seen as complex to exploit

BY JAIKUMAR VIJAYAN

The public demonstration of an attack against a Cisco Systems Inc. router at last month’s Black Hat USA conference showed that a core part of corporate networks may be more vulnerable to hackers than many users had assumed.

But, IT managers and security analysts said last week, companies that follow recommended practices for securing their networks should be reasonably well protected despite the fact that attackers now have information on how to shut down routers by exploiting a previously disclosed software flaw.

“In the end, the Cisco case is no different than [a hack against] a Microsoft or Unix box,” said Andreas Wuchner-Bruhl, head of global IT security at Novartis Pharma AG, a

Cisco Flaw, page 52

Sarbanes-Oxley Trumps IM at Some Firms

Concerns about security, archiving prompt companies to unplug instant messaging systems

BY THOMAS HOFFMAN

In another case of fallout from the passage of the Sarbanes-Oxley Act, some companies are disabling their instant messaging systems because of concerns that the technology's security and archival controls aren’t strong enough to comply with the law, according to IT executives, lawyers and auditors interviewed last week.

Section 302 of Sarbanes-Oxley requires CEOs and chief financial officers to certify that their companies have established internal controls and are regularly evaluating the effectiveness of the control measures. Although vendors such as FaceTime Communications Inc. and IMlogic Inc. offer tools for storing messaging traffic and protecting against malware, users like Jefferson Wells International Inc. are erring on the side of caution by simply unplugging their IM systems.

Jefferson Wells disconnected its MSN Messenger system because of concerns that the company wouldn’t be able to detect software viruses embedded in messages, said Scott Robertson, manager of corporate IT operations at the Brookfield, Wis.-

IM Security, page 16

Read our full Sarb-Ox coverage: QuickLink a3250

Users Speed Feeds to Data Warehouses

BY HEATHER HAVENSTEIN

As business intelligence becomes a critical component of daily operations, real-time data warehouses that can provide end users with rapid updates from transactional systems are increasingly sprouting up at companies.

For example, online retailer Overstock.com Inc. has begun connecting users to a real-time data warehouse it completed last month. The project’s goal is to help employees gain insight into the effectiveness of the company’s online and e-mail advertising campaigns.

Overstock is using transactional data management
Warehouses, page 16
Managing ‘Prosumers’

In the Management section: Those hotshot new hires come with handhelds and smart phones that you haven’t even thought about dealing with. What will you do about standards, security and costs?

Targeting the Enemy Within

In the Technology section: It’s not just the disgruntled or careless employee who poses an inside security threat. Companies are also dealing with the risks created by suppliers, partners and service providers with inside access to enterprise networks. Page 23

NEWS - TECHNOLOGY

Linux-based systems may become easier to install and manage with new packaged options that major vendors plan to announce this week.

Large companies are increasingly outsourcing human resources functions and IT rather than upgrading their ERP software.

AT&T will offer hosted services for utility computing and server virtualization.

10 The government’s plan to offer low-cost software to small medical practices could help large health care systems by promoting the use of electronic health records industrywide.

2 Computer Associates discloses a major security flaw in its data backup software, and analysts say it’s an example of just how vulnerable storage software is.

Fujitsu builds a notebook PC that can be converted into a tablet device for use in health care and other niche markets.

Global Dispatches: Oracle agrees to buy majority control of a banking software vendor based in India; and Sun will open a data center in Scotland for remotely managing customer systems.

IBM ships a network-attached storage device made by Network Appliance and will replace its own NAS line with more NetApp models in the fall.

28 Computerworld Honors. Case Study: Homegrown Grid. A grid computing project at Acxiom speeds delivery of data to the company’s business clients.

30 QuickStudy: Markup Languages. These languages use embedded tags to characterize text elements within a document to indicate their function, meaning or context.

32 Security Manager’s Journal: Dealing With an ISO Who’s Only So-So. C.J. Kelly confronts her agency’s information security officer, who’s weak in most technical areas.

MANAGEMENT

37 E-mail Exposure. Beware! If your employees inadvertently pass malware to other companies via e-mail, you could find yourself in court.

42 In the Dark. Night-shift workers can feel isolated, hostile and just plain tired. Here are some tips for keeping them happy and productive.

43 Q&A: Throw Out the Rules. Virtuoso teams have talent, energy, ambition, intensity, ego and risk — all in spades. Boston College’s Andy Boynton tells how to manage them.

44 Career Watch. The hiring environment for CIOs; what a rise in IT pay may say about offshore outsourcing; the latest on tech job cuts; and CEOs’ expectations for the economy.

8 On the Mark: Mark Hall reports on a consultant who says aging IT staffs and their favored old technologies put many companies at risk.

20 Don Tennant looks at the IT landscape and concludes that we’re likely to see more and more start-ups offering Web-based, on-demand services.

20 Julie Silverstein shares some research that suggests ways to maintain user groups’ value for members and vendors.

Michael Gartenberg reconsiders his nostalgia for high-tech stuff of days gone by.

36 Curt A. Monash thinks the pure relational model of database management is collapsing and must be replaced with a radically different view of data management.

46 Bart Perkins recognizes that business people can be reluctant to take on an executive sponsor role. Don’t let them off the hook.

54 Frankly Speaking: Frank Hayes says competitive advantage can come from the way software, hardware, networks and practices are all put together.

SECURITY: In the wake of the release of information on Cisco’s router flaw, security ana-
or the Internet are safer. Or is there something else we should be doing? QuickLink 55917

Ten Tips for Faster Backups

STORAGE: By following these simple suggestions, backup managers can ease many of their storage headaches, says Robert Farkaly of Overland Storage. QuickLink a6850

Delivery of the Future

WEBCAST: Hewlett-Packard executive Ann Livermore discusses the relentless move toward digital, mobile and virtual technologies. Presentation recorded at Storage Networking World Spring 2005. QuickLink a6840







6 COMPUTERWORLD August 8, 2005 


AT DEADLINE

Microsoft Goes to Wal-Mart for Exec

Microsoft Corp. named Kevin Turner, a 40-year-old executive from Wal-Mart Stores Inc., to fill its chief operating officer position. Turner will join Microsoft on Sept. 8 and take over responsibility for the company’s sales, marketing and services organization as well as its fulfillment and IT operations. He was Wal-Mart's CIO from 2000 to 2002 and most recently was president and CEO of the retailer’s Sam’s Club division.

Security Vendor: ID Theft Ring at Work

Sunbelt Software Distribution Inc., a vendor of antispyware tools in Clearwater, Fla., said it stumbled upon an identity theft ring that’s using a spyware program to systematically break into and steal confidential information from computers. The data is being uploaded to a remote server that appears to be located in the U.S., Sunbelt said, adding that it has notified the FBI. Officials at the FBI couldn’t be reached for comment on Friday.

Six Security Fixes Due for Windows

Microsoft said it plans to release six software patches to address security flaws in Windows tomorrow as part of its monthly update process. The company didn’t release details, except to say that some of the vulnerabilities will be given “critical” ratings. Microsoft will also issue an updated version of its malware removal tool and a Windows update that doesn’t relate to any security holes.

Short Takes

NEC CORP. said it has developed a rechargeable battery made from organic compounds instead of hazardous materials like lithium. ... SPRINT CORP. and NEXTEL COMMUNICATIONS INC. said the Federal Communications Commission approved their merger.





NEWS

IT Gets More Packaged Options for Linux, Grid

Dell, IBM, HP aim to improve ease of use for technology

BY CAROL SLIWA

Corporate users who may have been hesitant to take the open-source plunge will get new packaged options this week from major vendors that are continuing to try to make it easier to acquire, use and manage Linux-based systems.

Dell Inc., Hewlett-Packard Co. and IBM are among the many vendors that will use the LinuxWorld Conference & Expo in San Francisco to launch products and services designed to make users more comfortable with choosing Linux and other open-source software offerings.

Dell, for instance, plans to introduce PowerEdge 830 and 850 servers with dual-core Intel processors and give customers the option of bundling a stack of open-source software with the hardware.

Users can get Red Hat or SUSE Linux, plus the MySQL database and JBoss application server. In addition, they now can buy support subscriptions for the MySQL Network and JBoss Network directly from Dell.

The goal is to help open-source users quickly get up and running with a tested and supported system, similar to the way they can launch Windows servers out of the box, said Judy Chavis, director of business development and global alliances for Linux and open-source at Dell.

Easier Adoption

The availability of bundled offerings hasn’t been crucial for many early Linux adopters that have the necessary in-house skills to configure and install systems themselves. Joseph Foran, director of IT at FSW Inc. in Bridgeport, Conn., said it has never been a problem for the nonprofit social services agency to install Linux and the rest of the so-called LAMP stack, which also includes the Apache Web server, MySQL and either the Perl, PHP or Python scripting languages. An enhanced LAMP stack that has an application server configured with business applications might be helpful, Foran said. “But if you have the expertise,” he added, “it doesn’t really matter.”

However, as Linux continues to gain momentum as a mainstream IT option, more companies will want to hit the ground running and find vendors that make it easy to use the technology, said Dan Kusnetzky, an analyst at Framingham, Mass.-based IDC.

A lack of required application software and a lack of expertise at customer sites have been “the big impediments to Linux adoption,” he noted.

HP will try to foster more use of open-source software by opening four Linux Expertise Centers in the U.S. for software vendors, developers and systems integrators to make sure their products work with its hardware. Also this week, HP plans to announce the availability of more than 200 open-source software packages for its HP Integrity NonStop servers.

IBM will try to lure more users to try grid computing by launching a “Grid and Grow” package that includes a choice of BladeCenter server options with a chassis ready for expansion, an operating system, grid middleware and services. Pricing starts at $49,000.

Al Bunshaft, vice president of grid computing at IBM, said more than two-thirds of the grid deployments that the company is involved in are Linux-based. “Grid has had an aura of complexity,” he said, “and we want to take the complexity out of it.”

One sign that software vendors are trying to draw more attention to their Linux support is the LinuxWorld exhibit hall debut of SAP AG, which hopes to make users more aware that its applications run on the operating system. The percentage of SAP users with Linux is small but growing rapidly, said Torsten Geers, an SAP vice president. @ 56019


Novell Opens Development of SUSE Linux

NOVELL INC. this week plans to launch a community-based effort to open up development of its SUSE Linux operating system. The company's strategy includes an attempt to accelerate the use of the software by flooding the market with copies through a variety of outlets.

Novell’s openSUSE initiative is already being compared to the Fedora Project that rival Red Hat Inc. sponsors for its Linux distribution. New technology that emerges from the work of the Fedora community is considered for inclusion in Red Hat's software products.

George Weiss, an analyst at Gartner Inc., said many companies use Fedora for experimental purposes and then often move on to become users of Red Hat Enterprise Linux. Novell needed to create a similar open-source community for SUSE Linux as part of its effort to attract users away from Red Hat, he said.

Minimal Input Upfront

Novell has been developing SUSE Linux internally through a closed model, with little front-end input from the open-source community at large, said Greg Mancusi-Ungaro, the company’s director of Linux and open-source marketing. Now it plans to adopt “a completely open and transparent model” for developing the software, he said.

Previously, Novell made available a SUSE Linux Professional edition aimed at technical enthusiasts and developers. That version often served to preview features that eventually turned up in the SUSE Linux Enterprise Server operating system for corporate users. SUSE Linux Professional will now be known simply as SUSE Linux, the company said.

Novell plans to release an initial beta of SUSE Linux 10.0 this week at LinuxWorld. The final version is due in October, according to Mancusi-Ungaro. He said the company expects to release a 10.1 version six months later and continue with new editions every six months thereafter. A public-code repository will be set up next year.

Novell plans to offer a retail version for end users with a user guide and installation support but will also give away SUSE Linux DVDs at LinuxWorld and make them available through magazine inserts in an effort to make it easier for users to gain access to Linux, Mancusi-Ungaro said.

“We're trying to make our Linux available in all the ways customers demand,” he said. “We hope that by doing so, we'll help to move the needle on Linux adoption worldwide.”


- Carol Sliwa

HR Outsourcing Picking Up Steam

ERP licensing and consulting costs seen as factors

BY PATRICK THIBODEAU AND MARC L. SONGINI

When PepsiAmericas Inc. wanted to automate some human resources processes, it could have expanded its own PeopleSoft ERP system, but that would have required buying more software, hiring consultants and stressing an already tapped-out IT staff.

Instead, Dana Sacks, vice president of compensation, benefits and human resources information systems, said she turned to managed service provider Authoria Inc. in Waltham, Mass., to automate performance management processes, bonus calculations and succession planning.

Sacks said her Minneapolis-based, 11,000-employee company will evaluate managed services for more applications, and she wouldn’t rule out replacing ERP systems with service providers.

PepsiAmericas isn’t alone. Technology Partners International Inc. (TPI), an outsourcing consultancy in The Woodlands, Texas, reported that so far this year, 14 companies with more than 10,000 employees have outsourced workforce administration.

“We think the long-term trend is an erosion of the adoption of ERP as an infrastructure in the corporate enterprise and moving away from licensing software to buying services,” said Peter Allen, managing director and partner at TPI.

Outsourcing HR

Companies have outsourced payroll and benefits administration for many years, but the move to outsource virtually all HR activities — business processes and IT — is still new. One out of 10 companies has done some HR outsourcing, but only about half of those companies have outsourced everything, estimated Michael Cornetto, a consultant at Watson Wyatt & Co. in Arlington, Va. But he said the market for total HR outsourcing is growing 30% per year.

Late last month, Whirlpool Corp. signed a 10-year deal to outsource HR business processes for 68,000 employees to Convergys Corp. in Cincinnati. A major reason was the need to improve HR technology, said Abby Luersman, vice president for HR solutions at Benton Harbor, Mich.-based Whirlpool.

Whirlpool was underinvesting in IT and needed “better decision-making with better data,” Luersman said.

‘Bite-Size Pieces’

So far, Whirlpool is using Convergys to integrate its self-service model with its SAP system and take over some of the transaction processing, she said. But over time, some HR IT systems could move to the outsourcer’s data center, Luersman said. “This is a 10-year agreement with Convergys, and clearly we're doing it in bite-size pieces,” she said.

Memorial Health Services Corp. in Long Beach, Calif., is a PeopleSoft ERP shop that already had an HR application license but decided it would be cheaper to outsource benefits and other functions, said Patti Ossen, senior vice president of human resources at the hospital group.

Deploying PeopleSoft’s benefits software would have required an external consultant, cost about $350,000 and taken about 5,000 hours, she said. So Ossen turned to hosted providers, including Employease Inc. in Norcross, Ga.

But it’s not a path for all companies. David Rudzinksy, CIO at Bedford, Mass.-based medical instruments maker Hologic Inc., said he uses the payroll services of Automatic Data Processing Inc., whose system is integrated with the human resources module in his Oracle eBusiness Suite 11i ERP system.

“This was a major improvement in the process and makes the payroll/human resources people more efficient,” he said, adding that he doesn’t want to use any external providers of other HR functions. @ 56020

Leader Board: Market share for workforce administration service providers (year to date). Aon Corp.: 3%; Affiliated Computer Services Inc.: 13%. Note: Figures don’t add up to 100% because of rounding. Source: Technology Partners International Inc., The Woodlands, Texas.

MORE THIS ISSUE

Don Tennant explains why you should take a lesson from the Chicago schools when it comes to hosted apps. Page 20





AT&T to Offer Managed Utility Computing Service

Hosting unit will also add server virtualization in Q4

BY MATT HAMBLEN

AT&T Corp. will launch a managed utility computing service late this year based on hardware from Sun Microsystems Inc. as one of several improvements to its hosting service, AT&T executives revealed in interviews last week.

The utility computing service, to be formally announced and offered sometime in the fourth quarter, would give businesses automatic and on-demand access to computing resources to scale up and down efficiently, said Mike Jenner, vice president of hosting and application management services at AT&T.

Jenner also said AT&T will add server virtualization capabilities for its hosting clients in the fourth quarter.

For users, the big advantages of both utility computing and server virtualization include the ability to rapidly provision IT resources and avoid the cost of investing in server hardware, Jenner said.

“Customers spend a lot in capital, while their systems often go underutilized much of the year,” said Christina Costello, director of product management for AT&T’s managed hosting and utility computing services unit.

Service Charges

Companies that choose the utility computing option will pay a base fee each month to get access to a dedicated server — roughly half the cost of leasing one — plus a variable utilization charge, AT&T said.

One existing AT&T hosting customer, Turbine Inc., has been discussing the utility computing service with AT&T “quite seriously,” said Michael Hogan, vice president of technology and operations at the Westwood, Mass.-based maker of online games. Turbine is looking at utility computing as a means of handling the enormous surges in network usage it experiences when it releases new multiplayer games. “We’re always looking for ways to spike up capability for the first weeks [after a new game release] and then back off,” he said.

With one earlier game release, Hogan noted, Turbine “grossly underestimated resources” and ended up trying to throw hardware at the problem. Conceivably, with a utility computing service, Turbine would “have a plan in place, quickly scale up in the near term and roll off,” he said.

Analysts said AT&T’s utility computing service appears to be the first offered by a network services provider. Sun, IBM, Savvis Inc. and Electronic Data Systems Corp. offer utility computing and utility storage services, but the market hasn’t grown as much as first projected two years ago, said Ted Chamberlin, an analyst at Gartner Inc.

“Utility computing has been cooking along for a while, but there is limited interest in it,” Chamberlin said. “Customers don’t exactly call up and say, ‘Give me some of that utility computing.’” @ 56015

NCR Hires Nuti to Replace Hurd as CEO

NCR Corp. named William Nuti president and CEO, filling the position vacated by Mark Hurd when he left in March to become the top executive at Hewlett-Packard Co. Nuti previously was CEO of Symbol Technologies Inc. in Holtsville, N.Y. Symbol last week reported a $30.5 million second-quarter loss, but an NCR spokesman said the loss “hasn't changed anything” in terms of the company’s confidence in Nuti.

Mozilla Decides to Form Corporate Unit

The Mozilla Foundation has created a corporate subsidiary to support its moneymaking activities and handle the marketing of its open-source products. The Mountain View, Calif.-based foundation said the formation of Mozilla Corp. was made necessary by the “unintended but real” revenue generated by a search tool within its Firefox browser that links to search engines and specific Web sites.

Microsoft Acquires Adapters for BizTalk

Microsoft Corp. said it has bought eight .Net-based application adapters that work with its BizTalk Server software from iWay Software, a unit of Information Builders Inc. The products supported by the adapters include Oracle applications and databases, plus J.D. Edwards, PeopleSoft and Siebel applications. Microsoft and iWay didn’t disclose the purchase price.
Short Takes 


IBM announced a version of Web- 
Sphere Portal that has a common 
code base for all of its servers, in- 
cluding the iSeries midrange line 
and zSeries mainframes. . .. SAP 
AG named Ike Nassi, formerly 
chief technology officer at Firetide 
Inc. in Los Gatos, Calif., to manage 
its software research work in the 
Americas region. 
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Baby Boomers Get 
Ready for Bed While. . . 


. their creaking technologies burden IT’s maintenance 
budgets. Worse, argues Damian Smith, a vice presi- 
dent at Dallas-based Hitachi Consulting Corp., keep- 
ing mainframes and even client/server systems limp- 
ing along chews up so many IT resources that many 


of the companies using them 


will be bypassed by more nim- | 


ble competitors that adopt the 
flexible systems favored by 
younger IT workers. Smith 
warns that if your mainte- 
nance cost 
for aging 
technologies 
is more than 
50% of your 
IT budget, 
“you are 
pretty much 
dead.” (Per- 
haps that’s 
why the con- 
sulting unit’s 
parent com- 
pany, Hitachi Ltd., used to sell 
mainframes.) But most IT 
dollars now should be spent 
on new systems in order to 
retire the old ones, Smith says. 
“Lots of companies are now 
consuming 70% to 90% of 
their budgets on maintenance 
and support,” he claims. “And 
when you're doing that, you 
can’t do new things to support 
high-demand users.” The situ- 
ation is compounded by a 
generation gap as well. Older 
technology is generally main- 
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, tained by more experienced 
workers who have higher 
salaries “and are less likely to 
work longer than 40 hours 
per week,” Smith observes, 
adding that he thinks efforts 
| by IBM and others to boost 
interest in mainframes among 
young whippersnappers 
([QuickLink 55867] are futile. 
“Do I invest in new, young 
blood to train on old technol- 
ogy,” he asks, “or get new 
technology to attract lower- 
cost, younger workers who 
are willing to work longer 
hours?” The answer is obvi- 
ous, he thinks. It’s vital to 
shift off old platforms now 
| before all those gray heads 
putter off to senior centers 
and take their knowledge 
| with them. If you don’t, he 
warns, “the baby boomer 
bomb could blow up and de- 
stroy a few companies in the 
near future.” 


Flashier Web sites 
are possible. . . 

. . With the imminent arrival of 
Studio 8. The upgrade of 
Macromedia Inc.’s flagship 
software suite includes new 








| releases of Dreamweaver, 


Flash Professional and Fire- 
works but replaces the Free- 
hand illustration program 
with products called Con- 


"| tribute 3 and FlashPaper 2. 


Jim Guerard, vice president 
of product management and 
marketing at Macromedia, 
says the San Francisco-based 
company will continue to 


| sell and update Freehand as 


a separate application. Guer- 
ard says Contribute lets busi- 
ness users update Web pages 
themselves without having 


| to pester Web designers, al- 


| though the designers get to 
control what’s included in 
updates and where, when and 
how they take place. Flash- 
Paper can convert docu- 


ments, such 
99% 


as Word 
files, into 
Flash files 
for easy ex- acl amcate1 1) 
of workstations 
at hae Sut 
aE ees Ey 


port to Web 
sites. Among 
lag PACT cele iio 


other up- 

dates to the 
products al- 
ready in the suite, 


| Dreamweaver 8 has im- 


proved cascading stylesheets 
and new guides that let de- 


| signers precisely position 


objects on a Web page down 
to the pixel level. Macrome- 
dia, which is due to be ac- 
quired by Adobe Systems Inc. 
under a deal signed in April, 
plans to ship the $999 suite in 
September. 


Solidify your. 
server security... 

. by preventing all but ap- 
proved code from running on 
systems. That’s the approach 
advocated by Solidcore Sys- 
tems Inc. in Palo Alto, Calif. 
According to John Sebes, its 
chief technology officer, an 
upcoming security module 
for Solidcore’s $3 Control 
software will inventory all the 
binary files, scripts, Dynamic 
Link Libraries and other 
forms of executable code that 
you want running on your 
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HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY BUZZ BY MARK HALL 


computers 
and permit 
only those 
programs to 
execute. 
Anything 
else gets 
stopped in its 
tracks, Sebes 
says. Even 
sysadmins 
with root- 
level privileges can’t slip in 

a favorite script without the 
permission of the person who 
oversees S3 Control. The S3 
Security module even pro- 
tects systems from “being 
tricked by things like buffer 
overflows,” Sebes says. $3 
Security will ship next month 
for Linux, Solaris and Win- 
dows servers. Solidcore will 
add support for AIX and HP- 
UX servers and Windows XP 
workstations in Q4. Pricing 
starts at $2,000 per node and 
decreases with volume. 


SEBES: Stop 
Euler ett) 
re R eT 
running. 


Back up your e-mail 
backup copies... 

. in case disaster strikes. 
This week, Mimosa Systems 
Inc. in Santa Clara, Calif., 
will add a disaster recovery 
option to its NearPoint 
archiving software for Micro- 
soft Exchange servers. The 
new module lets you keep 
a near-real-time archive of 
your e-mail outside the data 
center on a LAN or even else- 
where on a WAN. T.M. Ravi, 
Mimosa’s CEO, claims that 
because NearPoint doesn’t 
use agents on Exchange sys- 
tems, it helps make them 
more stable. The No. 1 reason 
for Exchange server failures 
is third-party 
software run- 
ning on 
them, Ravi 
says. Near-
Point begins
at $9,995, and
the Disaster 
Recovery 
option starts 
at $2,100. 

@ 55983 
Medical Software From Feds
Could Benefit Big Health Care

Low-cost app for small practices seen
as aid in effort to computerize records

BY HEATHER HAVENSTEIN
SOME IT MANAGERS at
large health care orga-
nizations are delighted
that the federal govern-
ment plans to offer its elec-
tronic health records (EHR)
software to small and midsize 
physician practices at a low 
cost. The move is expected to 
be a significant boon to the ef- 
forts of big providers to com- 
puterize patient records, the 
IT managers say. 

While many hospitals and 
large physician practices have 
deployed EHR software for 
their patient bases, the sys- 
tems won't be fully effective 
unless physicians in smaller 
medical groups who refer pa- 
tients for treatment automate 
their records as well. 

The Centers for Medicare 
and Medicaid Services (CMS) 
expects to announce the dis- 
tribution plans for its Vista- 
Office EHR software this 
month. The announcement, 
which has already been widely 
publicized [QuickLink 55837], 
was due to take place last 
week but didn’t materialize. 
Vista-Office has been in use at 
Veterans Affairs hospitals and 
clinics for more than 20 years. 


Encouraging Adoption 

The CMS will allow physi- 
cians to license Vista-Office 
for less than $3,000 for a five- 
doctor practice, according to a 
CMS spokesman. The move is 
designed to address one of the 
biggest barriers to the Bush 
administration’s goal of com- 
puterizing all patient records 
over the next decade: the lag- 
ging adoption rate among 
smaller practices. 

“Vista is a good program, 
[and] if done correctly, there 
will be a level of ability to share 
records across regional health 
information organizations. It 
could prove to be a very effec-
tive tool for many of our small-
practice, community-based
M.D.s,” said John Hummel, CIO
at Sutter Health in Sacramento,
Calif. Sutter operates 27 hospi-
tals in Northern California.

Any option that gets physi-
cians to begin to computerize
patient records is a good idea,
said J. David Liss, vice presi-
dent of government relations
and strategic initiatives at
NewYork-Presbyterian
Healthcare System.

“Physicians who have rotat-
ed through VA hospitals love
Vista — having all the patient
data in one place is so com-
pelling,” Liss said.

Hospitals and health systems
could benefit from the govern-
ment plan because historically,
they capture the lion’s share of
the benefits from EHRs: They
get access to patient histories, 
while the physician practices 
that compile them bear most 
of the costs, said Eric Brown, 
an analyst at Forrester Re- 
search Inc. 

As a result, large hospitals 
have a vested interest in mak- 
ing sure that all the physicians 
referring patients to them are 
using an EHR system, he said. 
Brown and others warned that 
the capital investment in elec-
tronic records often can be
dwarfed by the training, im-
plementation and configura-
tion costs involved.

Vendors are ramping up to
support physicians who will
deploy Vista. In May, the not-
for-profit organization World-
Vista was awarded a contract
by the CMS to provide train- 
ing to vendors that will install 
the software. 

Medsphere Systems Corp. 
in Aliso Viejo, Calif., will be
offering Medsphere Open-
Vista, an open-source version
of the government’s software
that captures clinical, financial
and administrative data. Med-
sphere will also be providing
an ASP version of the software
and services such as training,
maintenance and support for
Vista users, said Scott Shreeve,
chief medical officer and co- 
founder of Medsphere. 

Midland Memorial Hospital 
in Midland, Texas, will go live 
in December with its first clin- 
ical application based on Med- 
sphere’s OpenVista. The hos- 
pital plans to use the technolo- 
gy to develop a comprehen- 
sive EHR system, said David 
Whiles, director of informa- 
tion systems at Midland. 

“It is an extremely mature,
very functionally rich elec- 
tronic record,” he said. “It has 
been in place for 20-plus 
years, and it is not one of 
these new systems that ven- 
dors are offering, looking for 
alpha or beta partners.” 

The OpenVista project 
will cost less than half of 
the upfront capital investment 
required for a commercial 
EHR product, Whiles said. 

@ 56007 





Health Care System Turns
To IT for Patient Care Plans

Treatment based
on data about
similar patients

BY HEATHER HAVENSTEIN

NewYork-Presbyterian
Healthcare System is rolling
out an IT system that gener-
ates suggested care plans for
physicians based on data
about previous patient out-
comes and then sends alerts
if treatments don’t appear to
be working.

The Patient Health Monitor
project, which the health care
system began two months
ago at its flagship NewYork-
Presbyterian Hospital, cur-
rently uses artificial intelli-
gence (AI) software to create
treatment plans for patients in
cardiac intensive-care units.
The plans are based on the
records of 7,500 cardiac pa-
tients, which are among 2.5
million patient records in a
data repository.

In addition, the system takes
data from equipment such as
heart monitors and provides
alerts to physicians via tablet
PCs if patients deviate from
projected outcomes, said J.
David Liss, vice president of
government relations and
strategic initiatives at the
health system.

Unlike traditional clinical 
support systems that use rules 
engines to suggest patient 
care, the health monitor is 
based on inferencing technol-
ogy designed by a NewYork-
Presbyterian physician. The
software builds care plans by
matching patient characteris-
tics such as age, disease type
and medication history with
successful prior outcomes.

“All of the alerts are relevant
to the patient because they are
based on a history of cases,”
Liss said.

In addition, because the
repository is updated with
new patient records every 24 
hours, the AI system has an 
ever-growing pool of data to 
exploit to generate the care 
plans, Liss said. 

NEWYORK-PRESBYTERIAN HOSPITAL is the first to use the AI-based SC

Plans call for the health
monitor technology to be ex-
panded to other departments
in the hospital and to other 
hospitals in the NewYork- 
Presbyterian system, accord- 
ing to Liss. 

The project was funded by 
$250,000 in donations from 
Verizon Communications Inc. 
and Intel Corp. and $50,000 
worth of donated equipment 
from Computer Motion Inc. 
and Dell Inc. 

Eric Brown, an analyst 
at Forrester Research Inc., 
said he knows of only one 
other health care entity that 
has launched a similar initia- 
tive. The Mayo Clinic and 
IBM in August 2004 said they 
were starting to use a DB2 
database to help physicians 
treat patients. 

“This idea of a decision- 
support system is one of the 
outcomes we'd like to see 
from the introduction of elec- 
tronic medical records... 
moving to an era of personal- 
ized medicine,” Brown said. “It 
is taking your particular situa- 
tion and plugging it into the 
database — not searching for 
all people who have had a 
heart attack, but all patients 
who have had a heart attack 
who look like you.” @ 56012 
IBM Will Buy Data
Integration Vendor 


IBM said it has agreed to buy DWL 
Inc., a developer of Java-based 
software for integrating customer 
data, for an undisclosed price. 
DWL has about 150 employees 
and is based in Atlanta, although 
most of its operations are in 
Toronto. IBM, which expects to 
complete the deal later this year, 
said it plans to expand DWL’s 
presence in industries such as 
telecommunications and retail. 


Court Denies RIM 
On Patent Petition 


A U.S. appeals court last week re-
versed one finding that Research
In Motion Ltd. had infringed on 
patents held by NTP Inc. in 
McLean, Va. But the court upheld 
other findings and denied RIM’s 
petition for a full rehearing of the 
patent dispute. A lawyer for NTP 
said it plans to seek an injunction 
against sales of RIM's BlackBerry 
devices in the U.S. Waterloo, On- 
tario-based RIM said it was still 
reviewing the decision. 


Epiphany Agrees to 
Buyout After Loss 


Epiphany Inc., a CRM vendor in 
San Mateo, Calif., agreed to a 
$329 million cash buyout offer 
from SSA Global Technologies 
Inc. The deal, which is expected 
to close within eight to 12 weeks, 
coincided with Epiphany’s disclo- 
sure that it lost $8.3 million in 
the second quarter on revenue of 
$16.7 million. Chicago-based SSA 
said it thinks Epiphany will benefit 
from having access to its soft- 
ware-distribution network. 


Short Takes 


BMC SOFTWARE INC. reported a 
$41.1 million first-quarter loss but 
raised its business forecast for 
the rest of fiscal 2006. . . . 
ADVANCED MICRO DEVICES INC. 
released versions of its Opteron 
100 Series processors that sup- 
port buffered memory based on 
error-correcting code technology. 
CA Security Hole Points
To Data Backup Threats

Vendor patches flaws in storage tools,
but concerns about attacks increase

BY JAIKUMAR VIJAYAN
COMPUTER Associates
International Inc.
last week disclosed a
major security flaw
in its data backup software,
and analysts said the problem
is an example of the kind of
vulnerabilities that are making
storage software more attrac-
tive to malicious hackers.

CA released patches to fix
what it described as a “criti-
cal” vulnerability in its Bright-
Stor ARCserve agent software,
which is used to back up and
restore data between servers
and storage devices.

The buffer-overflow flaw
exists in multiple versions of
ARCserve Backup and Enter-
prise Backup for Windows
and could allow attackers to
take control of systems, exe-
cute code or launch denial-of-
service attacks, CA warned in
a security advisory.

What makes the threat par-
ticularly potent is the fact that
many companies use the vul-
nerable CA software on pro-
duction servers, said Michael
Sutton, director of vulnerabili-
ty research at iDefense Inc.,
a security threat assessment
firm that was recently ac-
quired by VeriSign Inc.

Attackers who take advan-
tage of the flaw could access
any data on unprotected
servers, Sutton said. Reston,
Va.-based iDefense was credit-
ed with discovering the
BrightStor vulnerability.

Data backup products are
becoming increasingly attrac-
tive and easy targets for hack-
ers, said Alan Paller, director
of research at the SANS Insti-
tute, a Bethesda, Md.-based
organization that does securi-
ty training and research.

SANS, which compiles a
quarterly list of the top 20
Internet security threats, in-
cluded several vulnerabilities
in widely used data-backup
products from CA and Syman-
tec Corp.’s Veritas unit on the
list that it released last month
for the second quarter.

Such vulnerabilities are sure
to attract the attention of mali-
cious hackers because data
backup products grant access
to virtually all of a company’s
data, Paller said. He added
that operating systems, which
have traditionally been the
most popular targets, are be-
coming harder to hack, result-
ing in more of a focus on rela-
tively less-protected applica-
tion servers and storage tech-
nologies.

So far, there has been little
evidence of vulnerabilities in
data backup products being
widely exploited, said Jon Olt-
sik, an analyst at Enterprise
Strategy Group Inc. in Mil-
ford, Mass. But the existence
of so many flaws in popular
products is worrisome be-
cause storage teams often
know little about security is-
sues and don’t adhere to cor-
porate policies, he said. “Stor-
age has always been designed
for performance and availabil-
ity, not security,” Oltsik noted.
@ 56024

THE SANS INSTITUTE’S
REPORT ON THE TOP 20 INTER-
NET VULNERABILITIES DISCOV-
ERED DURING Q2, ISSUED IN JULY

READ MORE ONLINE

For additional coverage of security
issues, visit our Web site:

QuickLink k1600
www.computerworld.com


Fujitsu Builds Tablet PC
Support Into Notebook

Includes swivel top,
plus touch-screen
and writing tools

BY MATT HAMBLEN
Fujitsu Computer Systems
Corp. today will announce a
notebook PC that weighs just
2.2 lb. and can be converted
into a tablet device with
touch-screen and handwrit-
ing-recognition capabilities.
The format is designed to ap-
peal to users in health care
and other vertical industries.
The new LifeBook P1500
will replace the P1000 model,
of which more than 200,000
units have been sold globally
over the past four years, said
Paul Moore, director of mobile
product marketing at Fujitsu’s
U.S. headquarters in Sunny-
vale, Calif.

Although the P1500 will first
ship with Windows XP Profes-
sional, Fujitsu plans to also
make it available with Micro-
soft Corp.’s Tablet PC Edition
operating system by
year’s end, Moore said.

The new model, which
has a list price of $1,499,
is based on a 1.2-GHz
Pentium M processor
and includes an 8.9-in.
screen.

The older LifeBook
opens like a typical
notebook PC, but the
P1500 can be flipped open
and swiveled to convert to a
tablet format. That capabili-
ty is something doctors who
use the P1000 have asked for,
said C.A. Nix, president of
Medical Practice Technologies
LLC, a Cumming, Ga.-based
systems integrator.

Tablet PC technology,
which was introduced in late
2002, has largely remained a
niche product. “Microsoft had
much higher expectations for
Tablet PC than materialized,”
said Brian O’Rourke, an ana-
lyst at In-Stat in Scottsdale,
Ariz.

Nonetheless, the market for
Tablet PC devices hit $1.2 bil-
lion in total sales last year, said
O’Rourke. He predicted that
sales will rise to $5.4 billion in
2009, as average prices for
tablet devices drop well below
$2,000 and more applications
become available for them.

O'Rourke and other analysts
said there already are a couple
of ultraportable notebooks on
the market that are similar in
size to the P1500 but don’t
have its tablet capabilities.

Barry Zane, executive vice
president of sales at Brand-
wise SSI Inc., a Lakewood,
Colo.-based integrator of sales
force applications, said the
faster CPU in the P1500 will
make it “truly a little comput-
er.” Zane noted that the
P1000 sometimes takes
two to four seconds
to load new pages —
too slow for some
applications.

@ 55994
Oracle to Buy 61% of
Banking App Vendor


ORACLE CORP. announced last
week that it will buy a majority
stake in banking software vendor
i-Flex Solutions Ltd., continuing a 
string of acquisitions designed to 
strengthen Oracle’s applications busi- 
ness in vertical industries. 

Oracle plans to acquire 61% of Mum- 
bai, India-based i-Flex’s stock — 41% 
from Citigroup Inc.’s venture capital 
unit and 20% from public shareholders 
— by year’s end. The total value of the 
deal is expected to be about $909 mil- 
lion (U.S.), said Greg Maffei, Oracle’s 
chief financial officer. 

The i-Flex deal follows acquisitions 
of software vendors 
Retek Inc. and Profit- 
Logic Inc., which both fo- 
cus on the retail industry 
[QuickLink 55409]. Ora-
cle took control of Min-
neapolis-based Retek in
April after outbidding 
SAP AG, and it bought 
Cambridge, Mass.-based 
ProfitLogic last month. 

I-Flex provides soft- 
ware and services to 575 
banks in 115 countries 
and has more than 4,700 employees.
Oracle said i-Flex had revenue of 
$261 million in the fiscal year that 
ended March 31, up 42% from the year 
before, and it earned net income of 
$46 million. The company was founded 
in 1992 with venture capital from Citi- 
group, which is its largest customer. 

JAMES NICCOLAI AND JOHN RIBEIRO,
IDG NEWS SERVICE 


Sun Chooses Scotland 
For Remote Management 


SUN MICROSYSTEMS INC. will open
a data center in Linlithgow, Scot-
land, in the next few months to
remotely manage European customers’ 
computer systems, a Sun executive 
said in an interview last 
week. Don Grantham, 
executive vice president 
of Sun Services, said the 
move builds on Sun’s ac- 
quisition last November 
of Ashburn, Va.-based 
SevenSpace Inc., which 
specializes in remote 
management and moni- 
toring of IT systems and 
applications [QuickLink 
$1122]. Sun now manages 
data centers belonging to
more than 100 customers from Seven-
Space’s facilities, Grantham said.

The company is seeing very strong 
growth in both its managed and pre- 
ventive services operations, according 
to Grantham. Depending on the suc- 
cess of the European data center, Sun 
may open a similar facility in Banga- 
lore, India, or Beijing to serve Asia- 
Pacific customers, he said. 

CHINA MARTENS, IDG NEWS SERVICE


Aussie Utility Starts 
Radio-over-IP Network 


SYDNEY 

COUNTRY ENERGY, a Sydney-based
utility owned by the New
South Wales state government, is
implementing a radio-over-IP (RoIP) 
system so field workers using radios 
can connect to the utility’s IP phones 
and external telephone numbers via an 
existing IP network. 

Cerulean Solutions Ltd., which is im- 
plementing the system, said last week 
that it expects to finish the RoIP proj- 
ect by year’s end. The IBM-owned 
company is installing radio-enabled 
gateway routers at base stations, re- 
peaters and dispatch consoles to con- 
vert standard radio voice signals into 
Real-Time Transport Protocol packets 
suitable for the IP network. @ 55982 
SANDRA ROSSI,
Briefly Noted


Infosys Technologies Ltd., India’s 
second-largest software and ser- 
vices outsourcing vendor, said last 
week that in January it plans to 
open a $10 million (U.S.) software 
development campus in Shanghai 
with room for 1,000 workers. Ban- 
galore-based Infosys already has 
another Shanghai center that em- 
ploys 250 people. 

JOHN RIBEIRO, IDG NEWS SERVICE


Sheffield Hallam University in 
Sheffield, England, next month will 
begin a new master’s degree pro- 
gram for information security man- 
agement, in conjunction with the 
British Standards Institution (BSI). 
The program will include hands-on 
practical experience and training 
on BS7799, the BSI’s standard for 


The Bank of China (Hong Kong)
Ltd. has awarded Unisys Corp. a 
contract to build a digital imaging 
system that will replace the bank’s 
microfilm machines for document 
processing. Unisys said late last 
month that the new system is ex- 
pected to scan, index and archive 
400,000 documents per day. 


IBM Starts Rollout of Network Appliance’s NAS Boxes

Vendor adds low-end device now, plans
wider storage offering in fourth quarter

BY LUCAS MEARIAN
New storage partners IBM and
Network Appliance Inc. last
week struck against the rival
team of EMC Corp. and Dell
Inc., with IBM introducing a
rebranded version of a low-
end network-attached storage
device that’s made by NetApp.
IBM is aiming the NAS box,
which it is marketing as the
TotalStorage N3700, at busi-
nesses with up to 1,000 em-
ployees and at the remote of-
fices of larger companies. The
rebranded NetApp FAS270
supports file-level data trans-
fers and block-level transfers
done via the Internet SCSI pro-
tocol, which is most widely
used to consolidate backups
from farms of Wintel servers.
The two companies, which
announced their partnership
in April, also said last week
that IBM will introduce an ex-
panded product line based on
NetApp’s hardware during this
year’s fourth quarter and
phase out its own NAS Gate-
way 500 device by year’s end.
Nirav Merchant, director of
IT at Arizona Research Labo-
ratories in Tucson, currently
runs a NAS Gateway 500. Mer-
chant said he likes the idea of
the IBM/NetApp alliance be-
cause it will offer him access
to NetApp’s technology under
IBM’s service and support.

“I think it’s a good move in
the right direction,” Merchant
said. He added, though, that he
doesn’t plan to make any addi-
tional NAS purchases for the
next 12 months or so.

Similar Partnerships
Stanley Zaffos, an analyst at
Gartner Inc., said the similari-
ties between the EMC/Dell
and IBM/NetApp partner-
ships are striking. IBM and
NetApp teamed up because
they thought that together
they could gain market
share from EMC and Dell
faster than they could in-
dependently, he said.
“That’s the same as-
sumption that provided
the underpinnings of the
EMC/Dell relationship,”
Zaffos noted.

IBM has made a number of
false starts in the NAS market,
including the rollout of the
NAS Gateway 500, which was
introduced early last year but
never took off with users, ac-
cording to analysts.

“In the absence of [IBM]
doing something themselves,
which they’ve demonstrated
over the last five to seven years
they couldn’t do, this is a
strong second,” said Arun
Taneja, an analyst at The Tane-
ja Group in Hopkinton, Mass.

IBM's TotalStorage N3700

The N3700 is due to ship
late this month. It starts at a
list price of $50,000, which in-
cludes 14 disk drives with a to-
tal storage capacity of 1TB.
The device can be scaled up to
a maximum raw capacity of
16.8TB, IBM said.

Meanwhile, EMC last week
provided details about a series
of additions and upgrades it is
making to its Clariion line of
midrange disk arrays, which
Dell has been selling and in
some cases manufacturing
since 2002.

EMC announced four Clari-
ion “disk libraries” for data
archiving and upgraded the
product line’s internal archi-
tecture from a Fibre Chan-
nel arbitrated loop to a
point-to-point architec-
ture in an effort to alle-
viate bottleneck issues
when two disks request
the same data. @ 56011





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IM Security 


based provider of technology 
risk management and other 
professional services. 

“We never had the comfort 
level that we could scan in- 
stant messages appropriately,” 
Robertson said. Another fac- 
tor that contributed to the de- 
cision to disable the IM sys- 
tem last year is that many 
of the company’s employees 
work at client locations, he 
added. Executives from Jeffer- 
son Wells didn’t want to run 
the risk of having a virus or 
worm infect a customer’s 
network. 

Jefferson Wells is a sub- 
sidiary of Manpower Inc. The 
decision to unplug IM was 
made as part of the unit’s eval- 
uation of whether its IT con- 
trols met the provisions of 
Sarbanes-Oxley, said John 


Continued from page 1 
Warehouses 


tools from GoldenGate Soft- 
ware Inc. to pull information 
directly from its business sys- 
tems into the data warehouse, 
said Jack Garcella, the Salt 
Lake City-based retailer’s vice 
president of data warehousing, 
analytics and reporting. 

The data warehouse, which 
is based on NCR Corp.’s Tera- 
data software, will replace a 
process that used traditional 
extract, transform and load 
tools to build reports directly 
from Overstock’s back-end 
systems. As the retailer grew, 
the reports stressed the sys- 
tems and gave employees day- 
old data, Garcella said. Now 
the data warehouse receives 
Web site clickstream data in 
real time, financial and prod- 
uct-sales data every 15 minutes 
and other information hourly. 

“When we launch cam- 
paigns now, we can look with- 
in five minutes and see if they 
are producing lift or revenue 
that would not normally have 


happened,” Garcella said. “You | 


can’t wait until the next day or 
three hours later to get that 
data.” He declined to specify 








Rostern, New York-based di- 
rector of technology risk man- 
agement at Jefferson Wells. 
Since the system was dis- 
abled, the company’s IT staff 


hasn’t bothered to evaluate the | 
| available IM security tools be- 


cause it isn’t being pushed by 


| workers to re-establish IM, 


Robertson said. 
Steve Ross, a director at De- 


| loitte & Touche LLP in New 
York and a past president of 


the Information Systems Audit 
and Control Association, said 
he knows of two Deloitte 
clients that have disabled 


| their IM systems because of 


Sarbanes-Oxley concerns. 
Ross declined to identify the 
companies, saying only that 
one is a services company in 
the southern U.S. and the oth- 
er is a large New York-based 
insurer. 

Other corporate users are 
taking steps to strengthen the 
data security and archiving ca- 


Pe mee meet Gi We:y le tii) 
CREM CU RUE lee ity 
operational and historical cus- 
tomer data, says CIO Tim Stanley. 


MARTIN LEPIRE/KLIXPIX 


how much Overstock is spend- 
ing on the warehousing proj- 
ect, other than to say the cost 
is in the millions of dollars. 

Harrah’s Entertainment Inc. 
is testing a real-time data 
warehouse that combines op- 
erational and historical cus- 
tomer data, said Tim Stanley, 
the Las Vegas-based gaming 
company’s CIO. 

The new setup is based on 
an architecture that Harrah’s 
developed in mid-2002. The 
company is using adapters 


| from Tibco Software Inc. to 


NEWS 


We never had 
the comfort 


be level that we 


could scan instant mes- 
sages appropriately. 


Cee ceeeeeseseseeeeeeoeeseees 


SCOTT ROBERTSON, MANAGER OF 
CORPORATE IT OPERATIONS, 
JEFFERSON WELLS INTERNATIONAL 


pabilities of their IM systems 


| in order to satisfy Sarbanes- 


Oxley’s requirements. 

For example, Chevron Corp. 
is moving to block outside 
connections to an IM system 
used within one of its operat- 
ing units, said Jay White, glob- 
al information protection ar- 
chitect at the San Ramon, 
Calif.-based energy company. 
The expanded effort follows 
the adoption in June 2003 of 
controls for maintaining audit 
records and reducing security 
risks on the IM system. 

“We manage our own IM 


feed information from trans- 
actional systems into its Tera- 
data warehouse to help work- 
ers interact with customers 
at Harrah’s properties, on the 
phone or on the Harrah’s 
Web site. 

“It uses Teradata’s trans- 
actional database and also has 
direct access to all the histori- 
cal data,” Stanley said. “You 
don’t have to have two data- 
bases talk to each other.” 


Changing Needs 
Eric Rogge, an analyst at Ven- 
tana Research Inc. in San Ma- 
teo, Calif., said that because 
business intelligence tools are 
being used more often for op- 
erational decision-making, 
many companies are finding 
that they need to refresh their 
data warehouses more fre- 
quently than on a nightly basis. 
“It’s not about loading a data 
warehouse so a small depart- 
ment of business analysts can 
forecast two years out — it’s 
for daily decisions,” he said. 
For the past 18 months, 
Avnet Electronics Marketing 
has been using a near-real- 
time data warehouse that cap- 
tures orders and updates of lo- 
gistics data from its back-end 
| system every 15 minutes, said 
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system internally on our 
WAN, but the external con- 
nections have presented secu- 
rity [issues],” added White, 
who declined to identify the 
business unit involved. 

Some observers contended 


| that companies are overreact- 


ing to Sarbanes-Oxley by dis- 
abling IM. “You can’t control a 
phone call, so I don’t see what 
the difference is between IM 
and a phone call,” said Diana 
McKenzie, chairwoman of the 
IT group at Chicago-based law 


| firm Neal Gerber Eisenberg 


LLP. “To me, it’s not logical.” 


Kevin Harrington, director of 
IT delivery for global informa- 
tion solutions at the Phoenix- 
based electronics distributor. 
Avnet uses tools from Infor- 


| matica Corp. to move the data 


into the warehouse. Because 
of the integration infrastruc- 
ture, it took only 24 hours in 
late July to begin populating 
the warehouse with order and 
customer information from a 


| company that Avnet recently 


acquired, Harrington said. 
But not all users find they 
need real-time data warehous- 


| es. Merial Ltd., which makes 


medications for pets and live- 
stock, last year ditched efforts 
to create a real-time system 
for updating sales and inven- 
tory data from its 33 ERP sys- 
tems worldwide. Although 
some divisions updated in- 
voicing information daily, oth- 
ers did so only weekly or at 
the end of the month, said 
Steve Lerner, director of infor- 
mation systems, global finance 
applications and integration at 
Duluth, Ga.-based Merial. 

In the end, the company de- 
cided to use data warehousing 


| tools from Kalido to pull data 


from its ERP systems once a 
week. “The consensus among 
the business users was that 
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Greg Hedges, managing di- 
rector of technology risk at 
Protiviti Inc., a Menlo Park, 
Calif.-based company that 
provides internal auditing and 
business-risk consulting ser- 
vices, said some companies 
have disconnected IM systems 
under the pretense of comply- 
ing with Sarbanes-Oxley in- 
stead of justifying those ac- 
tions for business purposes. 

“Sarbanes-Oxley is a wonderful vehicle for taking things
out of people’s hands,” said 
Hedges, who added that some 
companies have applied the 
same rationale for disconnect- 
ing wireless systems. 

But Ross said that viruses 
embedded in instant messages 
could cripple networks. “Given 
that [corporate] management 
feels the necessary controls 
haven’t been implemented or 
can’t be,” he said, “unplugging 
instant messaging wouldn’t be
overkill.” @ 56025


there was no way they were 
prepared to make business de- 
cisions based on sales other 
than on a weekly basis,” Lerner
said. @ 56021




Correction 

LAST WEEK'S cover story on the risks involved in transporting
data backup and archive tapes to external storage facilities
(“Lost, Stolen or Strayed”) incorrectly spelled the name of
Minneapolis-based Xcel Energy Inc.

IN THE “Ask a Premier 100 IT Leader” item on the Career Watch
page in last week's issue, Gilles Bouchard was incorrectly
identified as Hewlett-Packard Co.'s CIO. Bouchard was CIO and
executive vice president of operations at HP until July 11, when
the company announced that it was separating those jobs and named
former Dell Inc. CIO Randall Mott to run IT. Bouchard remains in
charge of HP's supply chain operations.
OPINION

DON TENNANT

Changing of the Guard

AS YOU WERE THUMBING through last week’s issue, or scanning the
news stories on our Web site, you may well have glossed over a
story that the more I think about it, the more I’m convinced is
one you really should have read.


I’m referring to Thomas 
Hoffman’s story titled 
“School System Uses Gov- 
ernance Apps to Stretch 
IT Staff” [QuickLink 
55842]. No, I’m not kid- 
ding. Yes, you need to care 
what the public school 
system in Chicago is do- 
ing with IT governance 
and portfolio manage- 
ment. Why? Because the 
school system is taking 
a hosted-applications 
approach to the problem, 
and that’s saving it $200,000 a year. 

Yeah, I know, $200k is a rounding 
error in your IT budget. The point is, 
those savings scale, big time. And if 
you haven't already done so, you need 
to start thinking about how you're go- 
ing to offload some of those over- 
priced business apps that you're pay- 
ing a fortune to maintain in-house. 

Last week, I had an intriguing dis- 
cussion with Greg Gianforte, founder 
and CEO of RightNow Technologies, 
an on-demand CRM vendor that does 
40% of its business with companies 
with revenue of more than $1 billion. 
You can go to RightNow’s Web site 
(www.rightnow.com) and read the tes- 
timonials from market research firms 
and from large corporations that are 
saving obscene amounts of money by 
taking the hosted-applications route. 
But just to give you an idea, Audiovox 
says it saved more than $2.7 million 
over three years, with an indepen- 
dently audited ROI of 1,989%. Talk 
about reducing your overhead. 

So when savings of this magnitude 
are at stake, why isn’t the on-demand, 
software-as-a-service model more 
widely adopted than it is? Gianforte 
makes a very compelling argument 
that it all has to do with the fact that 
it’s nearly impossible for traditional “on-premise” software
vendors to offer the hosted option. These are the reasons he
gives:

■ The software has to be rewritten for “multitenancy” so that
hundreds or thousands of clients can share a common IT
infrastructure.

■ “The whole ecosystem consists of systems integrators that are
parasites that feed on the complexity of the applications.” For
traditional software vendors to really embrace this model, they’d
have to alienate their existing partners.

■ The on-demand approach is a pay-as-you-go model. The difficulty
here is that “when you're used to getting all of your money
upfront, it’s hard to make the transition to this model and keep
Wall Street happy.”

■ When you get paid along the way, if you’re not making the
customer happy, you don’t get the renewal. “I'd hate to think
what SAP’s or Siebel’s renewal rates would be if it was dependent
on the success of their deployments.”

What this means is that we’re likely 
to see more and more start-ups offer- 
ing Web-based, on-demand services. 
A perfect example is the venture being pursued by Damien Bean, a
Computerworld Premier 100 IT Leader and former vice president of
corporate systems at Hilton Hotels. Bean left Hilton to start
CareerCurrency (www.careercurrency.com), an outfit that hosts
e-learning applications for corporate customers.


“I’m certain that the days of large 
IT departments being responsible for 
all of an organization’s data manage- 
ment needs are over,” Bean told me 
last week. “Information service pro- 
viders can offer far greater focus and 
capacity at a cost structure that is a 
fraction of that required to maintain 
systems internally.” 

Consequently, Gianforte says, 
“there’s going to be a changing of the 
guard of primary vendors who supply 
enterprise applications.” I, for one, 
salute the very thought. @ 55990 
JULIE SILVERSTEIN

Keeping User Groups Vital

A FEW WEEKS AGO, Interex, one of four Hewlett-Packard technology
user groups, shut itself down. This is a good time, then, to
examine what user groups need to do
to deliver sustained value to their key 
stakeholders — their members and 
vendors — and how they can remain 
strong and relevant. SmithBucklin re- 
cently conducted interview-based re- 
search to understand fully the answers 
to those questions. 

For vendors, user groups offer tangi- 
ble, quantifiable benefits. Vendors say 
user groups help them reduce the cost 
of communicating key messages to 
users, minimize technical support ex- 
penses, generate sales leads, strength- 
en inroads with business partners, and 
create efficiencies in 
capturing market 
feedback, product 
evaluations and com- 
petitive input. 

Equally important 
are less tangible ben- 
efits. Vendors place 
an enormous value 
on user groups for 
the unique customer 
mind-share they cre- 
ate and the relation- 
ships they foster. 

This translates into 
more loyal customers 
and opportunities 
for additional sales. 

To remain suc- 
cessful, user groups must also deliver 
sustained value to their members. For 
example, they provide intimate access 
to the leading minds, technology and 
information in the industry, exposing 
members to critical business solutions 
and technologies that can save their 
companies money. Effective user 
groups repurpose this content on an 
ongoing basis, creating a year-round 
community that doesn’t rely solely on 
face-to-face gatherings to deliver value. 

Our research shows that the benefits 
received by members — for both the 
companies they represent and for 
themselves — should be greater than 
their investment of time and money in 
the user group. Strong groups follow 
this rule. To do this, they must contin- 
ually ask their members to assess the 
value they are deriving from their
membership and be willing to change 
their offerings in response to this in- 
put. In addition, user groups must 
communicate their value propositions 
to members at every opportunity. 

User groups must also learn to iden- 
tify and avoid certain pitfalls. Those 
with weak vendor relationships either 
fail or end up continuously struggling 
through unfocused and sometimes ad- 
versarial relationships with their ven- 
dor. On the other side of the equation, 
if a vendor’s primary approach to these 
groups is reactive rather than one of 
driving initiatives through the user 
group community, that vendor is in 
danger of fostering a negative relation- 
ship. Effective user groups take the 
lead in building positive relationships. 

Strong user groups are — and will 
continue to be — a vital industry force, 
consistently delivering significant val- 
ue to their stakeholders. For example, 
the McKesson Corp. health care user 
group, InSight, created a new type of 
vendor partnership involving four key 
McKesson partners — Oracle, Dell, In- 
tel and SearchAmerica. Called V3, the 
partnership gives InSight members a 
unique look into technologies the 
four companies bring to large-scale 
McKesson implementations. Another 
example is the Americas’ SAP Users’ 
Group, which created an online mem- 
ber resource called Year-Round Com- 
munity that fosters ongoing communi- 
cation among members and serves as 
an excellent way to deliver programs, 
services and vital content. 

In an ever-changing industry filled 
with marketplace uncertainty and 
mounting economic pressures, the val- 
ue these groups provide has managed 
to remain one of the few constants. 
The trick is to make sure that the win- 
ning equation of user groups is in 
place. Committed vendors working 
with committed users will yield maxi- 
mum value for all involved. @ 55899 
GARTENBERG
jupiterresearch.com/analysts/gartenberg.

These Are The Days, My Friend

THE POET Robert Frost wrote, “Why abandon a belief merely because

months back, I talked about things I missed about older products
[“There’s a Scarcity of Great Stuff,” QuickLink 54487]. Sometimes
I find myself sounding a lot like my dad romanticizing the good
old days. But after giving it a little thought, I have to admit
that the good old days weren’t always so good, and what we've got
now isn’t bad. Let’s look at a few things, then and now.

My desktop PC: Ten years ago, I was using a 133-MHz Pentium, with
16MB of RAM, a 250MB hard disk and an SVGA monitor. It did
productivity applications pretty well, but that’s about it.
Today, I use a 3-GHz P4 with 1GB of RAM and 200GB of hard-disk
space connected to a 42-in. display. It can do productivity
applications, but it also records all my TV shows and holds my
entire music collection and every photo I’ve taken since 1995.

My laptop: In 1995, I used a PowerBook 540c. It was a pretty
heavy computer, had a floppy drive and got about an hour of
battery life. It connected me on the road if I was near a phone
jack or an Ethernet connection. The ThinkPad I'm using today gets
six hours of battery life, connects if there’s a phone or
Ethernet and uses Wi-Fi or EV-DO if there’s not. It has enough
disk space to keep all my work as well as my music collection and
a few videos to watch on the road. It also weighs less than
4 pounds.

My PDA: Ten years ago, I used a Newton from Apple. It had a great
operating system but was bulky, ran down AA batteries quickly and
couldn’t synchronize with my PC to keep my contacts and calendar.

My PDA today is a Palm LifeDrive that has 4GB of storage. It
syncs not only my calendar and contact information, but also
every business document on my PC, and it has copies of every
picture on my computer formatted for its screen and a few hundred
songs to listen to. It also lets me play an arcade-perfect
version of Pac-Man.

My phone: My bulky cell phone 10 years ago had to go in my laptop
bag. It let me talk for about an hour, if I was lucky enough to
get reception. Today, my smart phone is tiny and fits in my
pocket. It carries a copy of my contacts and calendar and can
even be used for e-mail triage. It gets more than four hours of
talk time and works in most parts of the world.


I could go on. I could talk about servers then and now or digital
cameras. In just about any category you can think of, we’ve
benefited from the indefatigable effects of Moore’s Law, and the
result is that every digital device we use is simply better,
faster, bigger where it counts, smaller when that helps and more
powerful than it was just a few years ago. That has enabled us to
do more, though it has added complexity.

Yes, sometimes I still feel nostalgia for the good old days, but
then I use my Bluetooth-enabled car to reroute my calls
automatically or a high-speed EV-DO connection from my laptop to
watch and control the TiVo in my den when I’m stuck at the
airport. The feeling of nostalgia passes quickly.
CEO’s Absence at HP Event Not So Absurd

I DON'T find it odd that new HP CEO Mark Hurd won't be attending
his own event [“No Hurd? Absurd,” QuickLink 55548]. After all, he
is relatively new to HP, and he doesn't have an understanding of
the historical background.

HP and its customers had, for many years, a very strong level of
commitment and cooperation. The user conferences, local meetings
and SIG meetings were all aimed at getting feedback from the user
community. This doesn’t seem to be the case anymore. Macworld and
Oracle OpenWorld are just about showcasing new products. The
vendors have been working toward changing the way we purchase and
the needs we have; computers, software and peripherals are
commodities. The real money is in services. I miss the old days
when John Young and Dave Packard would stroll through the room
and chat with us customers. I shared many a conversation with
people from HP Labs and was able to do more with the resources I
invested in. So, Messrs. Hurd, Jobs, Dell and the rest: Thanks
for not listening to us anymore; we're just the consumer.

John T. Monaghan
Vice president of IT,
Marnell Corrao Associates,
Las Vegas, jmonaghan@marnellcorrao.com


AS A long-standing member of Interex who has attended various
conferences, beginning with the one in Anaheim in 1984, I was
disappointed that the then-CEO of HP, John Young, wasn't at my
first Interex/HP World Conference. During the following 21 years,
the CEO was not always in attendance. In fact, Carly Fiorina
declined to attend the 2000 event, even though she was in New
York the day the conference opened. It was the day HP unveiled
the SuperDome, and the press and Wall Street were well served.
Fiorina did attend the Chicago 2001 and Atlanta 2003 conferences,
albeit for only the keynote speech and a quick walk through the
exhibit area. In 1999, both Fiorina and the outgoing CEO, Lew
Platt, attended the annual conference.

During that conference, I was a volunteer leader for Interex,
serving as the chair of the High Availability Forum, and got to
spend time with both HP leaders. I too hope that Mark Hurd will
reconsider and attend the HP Technology event, even though I will
not be able to do so.

Chuck Ciesinski
HP-UX architect,
Board member, OpenMPE,
Germantown, Md.


IT Must Help Make People Less Useless

THAT great article [“The Truth About ‘Useless’ People,”
QuickLink 55069] reminds us what our true purpose is in the IT
realm - to
educate, to foster technical growth 
and to mentor our peers through 
leadership. We cannot forget for 
one second that not everyone might 
understand technospeak as we try 
to explain “simple” issues to the 
masses. 

Christian Markley 

IT trainer, T.H. Properties, 
Harleysville, Pa., 
Christian.Markley@ 
thproperties.com 


COMPUTERWORLD welcomes comments from its readers. Letters will be
edited for brevity and clarity. They should be addressed to Jamie
Eckle, letters editor, Computerworld, PO Box 9171, 1 Speen
Street, Framingham, Mass. 01701. Fax: (508) 879-4843. E-mail:
letters@computerworld.com. Include an address and phone number
for immediate verification.

For more letters on these and other topics, go to
www.computerworld.com/letters
QUICKSTUDY

Markup Languages

These languages use sets of embedded tags or labels to
characterize text elements within a document and thereby indicate
their appearance, function, meaning or context. Page 30

SECURITY MANAGER'S JOURNAL

Dealing With an ISO Who’s Only So-So

C.J. Kelly confronts her agency’s information security officer,
who’s weak in most technical areas. Page 32

OPINION

Time for a New View Of Data Management

Curt Monash says that database management is in crisis and the
only way out is a radically different view of data management.
Page 36


Insider security risks grow as partners and suppliers
increasingly have access to corporate networks. Here’s what
companies are doing about the threat.
By Jaikumar Vijayan

THE FEAR OF corporate data being stolen or accidentally leaked by
insiders is what keeps Andreas Wuchner-Bruhl awake at night.

Detecting and stopping such leaks is an enormous challenge,
especially for large companies with widely distributed data
stores and networks, says Wuchner-Bruhl, head of global IT
security at Novartis Pharma AG, a $25 billion drug maker in
Basel, Switzerland.

These days, the problem is even tougher 
because it’s no longer just the disgruntled 
or malicious employee who poses the inter- 
nal threat, says Wuchner-Bruhl. It’s also the 
careless user, the outside hacker posing as a 
trusted user and others with inside access 
to enterprise networks, such as suppliers, 
partners and service providers. 


Within 


As a result, companies must take a fresh look at the scope of the
insider threat and figure out what new technology, processes and
administrative controls they need to implement to deal with it,
says Wuchner-Bruhl. “Security people like to give the impression
that things are under control,” he says. “But the fact is, there
are so many things we don’t even begin to know” about internal
threats.

Wuchner-Bruhl is among a growing num- 
ber of security managers who are looking to 
see what new controls are needed at a time 
when internal attacks on corporate informa- 
tion systems are increasing. In fact, at many 
of the world’s largest financial services com- 
panies, such attacks have already surpassed 
external attacks, according to Deloitte 
Touche Tohmatsu’s June report on its 2005 
Global Security Survey. In the survey of 
Fortune 100 companies, 34% of the respon- 
dents said they had experienced internal at- 
tacks in the past 12 months, compared with 
14% in 2004. In contrast, only 26% reported 
external attacks in the past 12 months. 

“Insider attacks are the most difficult to 
catch because these are legitimate users us- 
ing their legitimate access for inappropriate 

purposes,” says Pete Lindstrom, an 
analyst at Spire Security LLC in Mal- 
vern, Pa. “They tend to have the high- 
est impact, since they are insiders with 
access and they know where the valu- 
able information is.” 


Know the Enemy 
Understanding that it’s not just the disgruntled employee who
poses the insider risk is a good place to start addressing the
problem, says Jonathan
Bingham, president and chief technol- 
ogy officer at Intrusic Inc., a Waltham, 
Mass.-based security products vendor. 
Very often, the more sophisticated 
inside attacks are launched by out- 
siders who have stolen legitimate user 
credentials and then use them to gain 
access to high-value targets, says Bing- 
ham. For example, selectively planted 
Trojan horse programs were used to 
collect the usernames and passwords 
of highly privileged users at more than 
300 critical infrastructure companies 
in the U.K. earlier this year. The cre- 
dentials were then used by hackers to 
gain access to high-value systems. Be- 
cause such targeted attacks generate 
much less traffic than mass attacks, 
they are harder to detect using tradi- 
tional antivirus and e-mail filtering 
tools, users say (see related story, 
QuickLink 55220). 


that can result from an insider attack, carrying one out doesn't
always take a lot of technological savvy, according to security
experts.

Most of the more traditional attacks [illegible] employee has
been terminated or has left the company, according to a report
released in May by the U.S. Secret Service and the CERT
Coordination Center.

In the 49 incidents studied, the insiders were often systems
administrators or privileged users who knew their way
[illegible] good idea of where the important information
[illegible] need for scanning activity or sophisticated
[illegible]

Many times, the attacks take advantage [illegible] rather than
technological ones, according to security experts.



The growing interconnectedness of 
enterprise networks also means it’s not 
just the employee who has access to 
internal assets. “We can have a situa- 
tion where a guy who has legitimate 
access for a day can plant a back door 
on our systems and log in at will later,” 
says Jeff Nigriny, chief security officer 
at Exostar Inc., a business-to-business 
portal for the aerospace industry in 
Herndon, Va. 

Detecting the telltale signs of such 
activity requires a deeper analysis of 
network traffic and behavior than most 
traditional security technologies pro- 
vide, Nigriny says. 

Nigriny’s company is using a hard- 
ware appliance from Intrusic called 
Zephon to analyze network traffic at 
the packet, session, host and environ- 
ment levels. Such monitoring allows 
companies like Exostar to identify sus- 
picious internal network activity such 
as data flows going in the wrong direction,
servers consuming data instead of producing it
and computers communicating with one another where no such
communication existed previously, 
Bingham says. 

Malicious insiders use network re- 
sources in subtly different ways from 
normal users. Intrusic’s tool is de- 
signed to detect such “illegal move- 
ment of a sophisticated individual 
within a network,” Bingham says. 
Even the relatively sophisticated attacks by outsiders posing as
trusted insiders [illegible] phishing and pharming methods to get
unsuspecting users to part with network credentials that are then
used to gain access [illegible]

There are also many fairly straightforward ways that data can be
taken out of enterprises without anyone’s knowledge, says Andreas
Wuchner-Bruhl, head of global IT security at drug maker
[illegible] transfers, sending data in e-mail attachments and
uploading data to remote systems. The ubiquity of high-capacity
[illegible] devices makes it easy for people to [illegible]
simply walk away with it with very little traceability,
Wuchner-Bruhl says.
Jaikumar Vijayan 





“It looks for things down at the Level 
2 and Level 3 layers. It doesn’t care 
what the application is,” says Nigriny. 
The tool can be used to identify issues 
as varied as a misconfigured firewall, 
an employee downloading porn or 
someone attempting to upload confi- 
dential data to an external server in an 
HTTP stream, he says. 


What's Going Out 


Network egress filtering is another 
way of finding out whether protected 
data is leaving corporate boundaries in 
an illegal fashion, says Jeff Karafa, chief 
financial officer at Community Bank of 
Dearborn in Michigan. 

The bank uses a hardware appliance 
from Reconnex Inc. in Mountain View, 
Calif., to examine outgoing corporate 
e-mail, Web mail, instant messages and
Web posts for confidential data such as 
customer account numbers. 

Like other products in its class, 
Reconnex’s iGuard technology uses a 
combination of exact data matching, 
contextual analysis and policy infor- 
mation to alert administrators when 
specific pieces of protected informa- 
tion traverse the network. Such alerts 
can be useful in identifying both mali- 
cious leaks and accidental ones — 
such as an employee sending a file 
containing confidential information to 
his personal e-mail account so he can 
work on it at home. 
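
As an added illustration (not Reconnex's code and not part of the original article), the sketch below shows how exact data matching, contextual analysis and policy can combine in an egress check of the kind described above. The key, domains, account numbers and messages are all constructed for the example.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed values for illustration only.
FINGERPRINT_KEY = b"constructed-demo-key"
INTERNAL_DOMAINS = {"bank.example"}
CONTEXT_TERMS = ("account", "acct", "routing", "balance", "customer")


def fingerprint(account_number: str) -> str:
    """Keyed hash, so the monitor never stores protected values in clear."""
    digits = re.sub(r"\D", "", account_number)
    return hmac.new(FINGERPRINT_KEY, digits.encode(), hashlib.sha256).hexdigest()


# Exact-data-matching index built from the system of record (constructed).
PROTECTED = {fingerprint(n) for n in ("4000123456", "4000987654", "4000555512")}

# Candidate tokens: exactly 10 digits, optionally grouped by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){9}(?!\d)")


@dataclass
class Message:
    channel: str    # "email", "webmail", "im" or "webpost"
    sender: str
    recipient: str
    body: str


@dataclass
class Alert:
    severity: str
    reason: str
    matches: int


def exact_matches(body: str) -> List[Tuple[int, int]]:
    """Spans of tokens whose fingerprint is in the protected index."""
    return [m.span() for m in CANDIDATE.finditer(body)
            if fingerprint(m.group()) in PROTECTED]


def has_context(body: str, span: Tuple[int, int], window: int = 40) -> bool:
    """Contextual analysis: a banking term within `window` chars of the match."""
    nearby = body[max(0, span[0] - window): span[1] + window].lower()
    return any(term in nearby for term in CONTEXT_TERMS)


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def inspect(msg: Message) -> Optional[Alert]:
    """Policy: anything but corporate e-mail to an internal domain is egress."""
    spans = exact_matches(msg.body)
    if not spans:
        return None  # look-alike numbers that are not protected data pass
    leaving = msg.channel != "email" or is_external(msg.recipient)
    if not leaving:
        return Alert("info", "protected data sent internally", len(spans))
    if any(has_context(msg.body, s) for s in spans):
        return Alert("high", "account data with banking context leaving network",
                     len(spans))
    return Alert("medium", "protected value leaving network without context",
                 len(spans))


# Constructed sample traffic.
SAMPLES = [
    Message("email", "teller@bank.example", "jdoe@webmail.example",
            "Taking this home to finish: customer acct 4000-123-456, due Friday."),
    Message("webpost", "teller@bank.example", "forum.example",
            "Lunch? Call my cell at 555 123 4567."),
    Message("email", "teller@bank.example", "ops@bank.example",
            "Please verify account 4000987654 before close."),
    Message("im", "teller@bank.example", "buddy42",
            "here it is: 4000555512"),
]


def run_samples() -> List[Optional[Alert]]:
    return [inspect(m) for m in SAMPLES]


if __name__ == "__main__":
    for message, alert in zip(SAMPLES, run_samples()):
        print(message.channel, "->", alert)
```

The accidental case from the paragraph above (a file sent to a personal e-mail account) and a deliberate leak raise the same alert; separating the two is left to the administrator who reviews it.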

The amount of data that trickles out 
in such fashion can be surprising, 
Karafa says. “We thought we were do- 
ing pretty well on our own” in detect- 
ing such leaks, he says. But then the 
bank tested Reconnex’s egress-filtering 
tool and noticed how much sensitive 
information was slipping out, often as 
a result of employees making mistakes. 
In one case, an employee was found to 
be sending customer account informa- 
tion to a former worker and was 
promptly fired, Karafa says. 

“When that data was presented to 
us, it was something of an eye-opener,” 
says Karafa, who also uses the Recon- 
nex tool to monitor the Web surfing 
habits of employees. 

But content-monitoring tools don’t 
always scale well and are of limited use 
in environments where network traffic 
is encrypted, says Wuchner-Bruhl. He 
is considering using digital rights man- 
agement technologies to tag confiden- 
tial data and intellectual property in 
order to control how it is accessed and 
used. DRM tools, which are available 
from vendors such as Microsoft Corp., 
Authentica Inc. and Liquid Machines 
Inc., are designed to let companies 





track how data is used and prevent em- 
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ployees who don’t have the right privi- 
leges from doing things like reading, 
altering, copying, printing and for- 
warding data. 


For the Money 

Financial motives appear to be a pri- 
mary driver in a growing number of 
insider attacks, says Bingham. One 
example of that trend is the theft of 
information on about 60,000 Bank of 
America Corp. customers by a New 
Jersey-based data-theft ring that had 
also stolen information from three 
other banks — Wachovia Corp., Com- 
merce Bancorp Inc. and PNC Bank NA 
[QuickLink 54542]. The ring’s mem- 
bers included seven former employees 
from across the four banks. 

Most such inside attacks are planned 
in advance and can be prevented if the 
right controls are in place, according to 
a report released in May by the U.S. 
Secret Service and Carnegie Mellon 
University’s CERT Coordination Cen- 
ter. Good configuration management 
practices, for instance, allow compa- 
nies to identify unauthorized changes 
to software or the creation of unautho- 
rized remote-access accounts, both of 
which could portend trouble, the re- 
port says. Segregating the duties of 
systems administrators and privileged 
users is another way of ensuring that a 
single person doesn’t have unbridled 
access to network resources, according 
to the report. 

It’s also important to have the right 
processes in place for disabling net- 
work access when employees are ter- 
minated, notes the report, which is 
based on an investigation of 49 cases 
of insider attacks via computer sys- 
tems in critical infrastructure sectors 
between 1996 and 2002. 

Many inside attacks continue to be 
the work of disgruntled employees and 
former workers who still have access 
to corporate systems after they leave, 
according to the CERT report. 

In many cases, the triggers for such 
attacks are negative work-related inci- 
dents that could be addressed via for- 
mal human resources processes for 
handling employee grievances, and 
by reporting suspicious behavior, the 
report says.

Companies need to use access con- 
trol and account provisioning tools to 
identify and close the “orphan ac- 
counts” that are left behind when em- 
ployees leave or are terminated. The 
failure to close such accounts gives 
former employees an entry into the 
corporate network. 

Training, user awareness and administrative measures are perhaps
as important as technology when it comes to dealing with insider
risks, says Kim Milford, information security manager at the
University of Rochester in New York.

In a survey commissioned by Mazu Networks Inc. in Cambridge, Mass.,

Outside hackers are increasingly using social engineering
methods, such
as spoofed e-mails and Web sites, to 
lure people into disclosing sensitive in- 
formation and user credentials. These 
so-called phishing and pharming exploits are now among the top
security concerns of the financial companies in the Deloitte
survey.

The efficacy of such methods on un- 
trained users can be alarming, says 
Jason Jones, a webmaster at a private 
university in Texas that he asked not 
be named. In a test earlier this year, 
Jones and his team managed to harvest 
authentication credentials from over 
90% of targeted individuals by using 
spoofed e-mail and Web pages de- 
signed to look as though they were 
from the university’s IT security team. 

Educating and training employees 
about such issues is key, Milford says. 
It’s also vital that employees know se- 
curity policies and the consequences 
of misusing corporate data and net- 
work resources, says Wuchner-Bruhl. 

Technological measures are impor- 
tant as well, Milford says. Among those 
Milford has found useful are controls 
that enforce least privilege rules, 
meaning they give users no more ac- 
cess than they need. She also likes 
tools that use IP restrictions to limit 







access to protected information and 
keep logs for monitoring unsuccessful 
application access attempts. 

In addition, Milford advocates the
use of what she calls a “carrot-and-
stick policy” to induce good security
practices. The stick could be a compre-
hensive policy with strong enforce-
ment, she says. The carrot could take
the form of incentives for completing
security training, such as job reclassifi-
cation, merit raises, bonuses and in-
creased opportunities for career devel-
opment, Milford says. Empowering
staffers at all levels of the organization
to learn about security and take steps
to guard organizational resources in
their power is also key, she says.

“Education, empowerment and en-
forcement are probably the most criti-
cal ways to create a climate of security
for administrators and users,” Milford
says. “Utilizing and reinforcing the
message that everyone has a responsi-
bility for information security is im-
portant.”
Acxiom’s Charles D. Morgan, Alex Dietz and Terry Talley recognized the benefits that could be gleaned
from a grid computing system, among them, faster record processing for quicker delivery to clients. 


ACXIOM CORP.
processes bil- 
lions of records 
every month, 
culling from 
sources like cus- 
tomer-prospect 
lists, phone 
records and retail store sales to gener- 
ate usable consumer data for its busi- 
ness clients. 

The high volume was impressive, but 
company officials wanted to process 
even more — quicker and cheaper, too. 

“We decided there had to be a better
way,” says Charles C. Howland, grid in-
frastructure group leader.

So tech workers developed the Cus- 
tomer Information Infrastructure (CII), 
winner of a 2005 Computerworld Hon- 
ors award. This grid environment allows 
Acxiom to handle a higher data volume 
faster and with less-costly equipment. 

Consider, for example, that it often 
took more than three months to update 
Acxiom’s InfoBase database; on the 
grid, it takes three days. “We would not 
be able to run our business the way we 
do today without this capability,” says 
Alex Dietz, leader of the Acxiom solu-
tions infrastructure organization.

Acxiom had managed most data 
using IBM mainframes running MVS 
until 1995, when it moved its internal 
processes and clients’ applications to 
symmetrical multiprocessing platforms. 
Although SMP technology was more 
powerful and cost-effective, Acxiom 
still spent more than $150 million an- 
nually for capital equipment to main- 
tain its capability. 

But Acxiom staffers were already at 
work developing a high-performance 
application called AbiliTec to 
link and clean information on 
individual consumers gleaned 
from multiple data sources. 
Acxiom matches every name 
and address it receives from 
clients against its in-house 
AbiliTec reference base 
of 20 billion records. More 
than 40 billion records are 
linked each month. 

The application worked 
well, but Acxiom needed 20 
environments with Unix SMP 
supporting AbiliTec to handle the pro- 
cessing load. It was expensive and still 
not fast enough, says Terry Talley, a se- 
nior technical adviser based in Conway, 
Ark. 


Payback Potential 

So in 2000, a research team set out to 
find a better way, pinning its hopes on 
grid technology. Dietz credits Talley 
with the plan: “He came to us with the 
idea of wiring together a bunch of PCs, 
and he proved it would work.” 
Talley says he spread applications
over multiple machines “instead of us- 
ing one big machine. We were much 
faster, and the incremental cost to do 
one record was significantly lower 
than our previous implementation.” 

The team of eight to 10 tech workers 
worked on and demonstrated the grid 
computer project to CEO Charles D. 
Morgan in the summer of 2001. 

“He said, ‘This is great. Go do it to all
of the Acxiom products,’” Talley recalls.

Acxiom’s use of grid technology 
makes the company a leader in 
this area, says Ahmar Abbas, 
an analyst at Grid Technology 
Partners in South Hadley, 
Mass., and author of Grid 
Computing: A Practical Guide 
to Technology and Applications 
(Delmar Thomson Learning, 
2003). As for the technology’s 
impact on Acxiom’s perfor- 
mance, he says, anything 
workers can do to make 
processes run better, cheaper 
and faster “is going to have a 
direct impact on the services they offer 
and the money they can generate.” 

John Ripa, group leader for Acxiom 
data products, says the impact of the 
new technology is significant. 

He points to one of the company’s 
products, InfoBase Enhancement, as 
a prime example. A client — a cell 
phone company, for example — might 
ask for consumer information to target 
new customers or to cross-sell to exist- 
ing ones. The client sends Acxiom mil- 
lions of its own records, which Acxiom 
then processes against its database of 
consumer information to produce the 
detailed consumer files the cell phone 
company wants. 

Working with the CII grid computing 
technology, Acxiom improved the 
speed of its build process by 83%, Ripa 
says. It increased the speed at which it
delivers these files to clients by 77%.


“And the reliability improved dramati- 
cally. We're as close as we can get to 
zero downtime,” he adds. Equally im- 
pressive is an 86% reduction in hard- 
ware costs, Ripa says, comparing costs 
prior to and after implementation. 

“This gives our clients the ability to 
do things rapidly that could never be 
considered before,” Ripa says, adding 
that companies are willing to pay a 
premium for that speed. 

Talley says the biggest challenge for 
Acxiom was “dealing with the psycho- 
logical impact. People are comfortable 
with paradigms that are old and famil- 
iar.” The changes required workers 
“to rethink existing processes and soft- 
ware.” Acxiom also had to manage a 
large number of computers over
the long term.

The $1.2 billion Little Rock,
Ark.-based company has more than
employees, and 1 are IT workers

Acxiom collects and main-
tains consumer data from
nearly every household in the

“We have built a lot of software to 
address this challenge,” Talley says. 
“It’s relatively easy to get a bunch 
of machines up and running for the first 
time. It’s much more difficult to add to, 
replace and update those machines 
over time, and the problem is magni- 
fied if you have thousands of nodes.” 


Lessons Learned 
Without a road map to guide them, 
Acxiom’s IT workers had to rely on 
their own internal resources to com- 
pensate for a lack of commercial prod- 
ucts. As a result, they built their own 
resource scheduler, grid control, main- 
tenance interfaces, software distribu- 
tion functions and grid-enabled data 
management functions. 

Open-source software was used 
when available; when it wasn’t, the IT 
staff wrote components. Acxiom offi- 
cials also tapped experts who were de- 
veloping general-purpose grid prod- 
ucts at other companies to confirm
that they were on the right path.


The rewards overshadow many of
the challenges. Talley points to a de-
mographic enhancement product that
took nearly 30 days to run on a large
Unix computer; it takes less than one
day on the grid version.

“Our grid is all about performance.
It’s about being able to do things you
couldn’t do before,” Talley says.

In 2003, Acxiom announced that it 
would host client data and run client 
processes in the grid environment, too 
— a strategy that evolved into the ar-
chitecture known as CII.


CII product leader Ken Archer says 
the speed, flexibility and scalability of
the grid is key to meeting clients’ needs.


“A large part of our customer base is 
financial services, specifically around 
customer marketing and customer ac- 
quisition. And if they can get the data 
quicker, they can get offers out faster 
to make those decisions,” he says. 

Acxiom now has more than 4,000
rack-mounted, two-processor nodes in
its data centers that are dedicated to
the grid. Each node is a PC-based
server running Linux.

COMPUTERWORLD August 8, 2005


Officials won’t disclose how much
the company has invested in its grid
computing project, although they
indicate its value is well worth the
cost. They cite the case of one large
credit card issuer, which had a file
of 250 million customer records
processed and scored in parallel
using both the CII environment and
mainframe; the time to completion
with CII was 15 hours versus more
than 150 hours on the mainframe.
Dietz says Acxiom is still migrating to
grid computing, so about half of its work
still flows through legacy environ-
ments. Says Talley, “We'll have a con-
stant evolution in both size and func-
tion over the next few years.”

Pratt is a Computerworld contributing
writer in Waltham, Mass. Contact her at
marykpratt@verizon.net.
DEFINITION


Markup languages use sets of embedded tags or labels 
to characterize text elements within a document so 
as to indicate their appearance, function, meaning or 
context. Originally used for production within the 
publishing industry, markup languages have prolifer- 
ated since the widespread adoption of XML. 


BY RUSSELL KAY 
IN 1969, three IBM research-
ers created GML, a format- 
ting language for document 
publishing. Understood to 
mean Generalized Markup 
Language, the letters also hap- 
pened to be the initials of its 
creators: Charles Goldfarb, 
Edward Mosher and Raymond 
Lorie. 

GML allowed text editing 
and formatting, and it enabled 
information-retrieval subsys- 
tems to share documents. 
Instead of a simple tagging 
scheme, however, GML intro- 
duced the concept of a 
formally defined docu- 
ment type containing 
an explicit hierarchy of 
structured elements. 

Major portions of 
GML were implement- 
ed in mainframe publishing 
systems, and the language 
achieved substantial industry 
acceptance. IBM adopted 
GML and produces over 90% 
of its documents with it. 

GML was expanded with 
additional concepts, such as 
short references, link process- 
es and concurrent document 
types, into Standard General- 
ized Markup Language. SGML 
made inroads in the publish- 
ing world, especially at the 
U.S. Government Printing 
Office, and it became an inter-
national standard in 1986.

Still, SGML was largely un-
known until 1990, when Tim
Berners-Lee, inventor of the
World Wide Web, created Hy-
pertext Markup Language as a
subset of SGML. Soon, every
type of document and data
was being littered with tags
at the beginning and end
of text elements like this:
<tag>and</tag>. Then Exten-
sible Markup Language (XML)
came along in the late 1990s,
and the IT world hasn’t been
the same since.

In fact, it seems that hardly
a day goes by without a
new markup language
being announced or
described. Indeed,
Computerworld has
published separate
QuickStudies on 10
markup languages, and that
just scratches the surface. A
Google search on “markup
language” returns more than
6 million pages.

Thus we present this short-
hand guide to current markup
languages. It certainly doesn’t
cover them all, but it does give
an idea of the flexibility and
power of the concept and how it
is being used. Most are simple
extensions of XML or document
type definitions specialized for
a particular area of interest,
but some are quite complex.


The Languages
■ Business Process Execution
Language: BPEL is designed to
run a series of Web-based
transactions and/or character-
ize interfaces that are needed
to complete Web-based trans-
actions. It’s used for modeling
business processes, with spec-
ifications for transactions and
compensating transactions,
data flow, messages and
scheduled events, business
rules, security roles, and ex-
ceptions. QuickLink 54724


■ Cell Markup Language:
CellML stores and exchanges
computer-based mathematical
models, allowing scientists to
share models even if they use
different model-building soft-
ware. It also enables them to
reuse components from one
model in another, thus acceler-
ating model building. CellML
includes mathematics and
metadata by leveraging existing
languages, including MathML.


■ Chemical Markup Language:
CML is a new approach to
managing molecular informa-
tion that uses recently devel-
oped Internet tools such as
XML and Java. Based strictly on
SGML, it’s capable of holding
extremely complex information
structures and can therefore
act as an interchange mecha-
nism or an archiving tool. It
interfaces easily with modern
database architectures, such
as relational or object-orient-
ed. Most important, a large
amount of generic XML soft-
ware to process and transform
it is already available from the
community. www.xml-cml.org

■ DARPA Agent Markup Langu-
age: XML has a limited ability
to describe the relationships
between objects. DAML ex-
tends XML by using ontologies
— explicit formal specifica-
tions of how to represent the
objects, concepts and other en-
tities in a particular area of in-
terest, along with the relation-
ships among them.
www.daml.org/about.html


■ Dynamic Markup Language:
DML is an XML-based lan-
guage designed specifically
for object-based graphics con-
struction and the development
of user interfaces. Similar to
HTML, it includes extensions
that support calculations, ar-
gument-passing and variable
storage. www.rockiyte mami

■ Directory Services Markup
Language: DSML defines the
data content and structure of a
directory and maintains it on
distributed directories. DSML
gives developers a simple and
convenient way to implement
XML-based applications on
the Internet. Such support is
crucial to e-commerce appli-
cations. QuickLink a6820

■ Financial Products Markup
Language: FPML is a business
information exchange stan-
dard for electronic trading and
processing of financial deriva-
tives instruments. It establish-
es a protocol for sharing infor-
mation on and dealing in de-
rivatives and structured prod-
ucts. www.fpml.org/index.html

■ Hypertext Markup Language:
The backbone of the Web,
HTML is based on a dialect of
GML that was previously used
at CERN. Its primary innova-
tion was to allow simple hyper-
text links from one document
to another. www.w3.org/
MarkUp

■ Human Markup Language:
HML is part of an effort to pro-
vide a framework for the over-
all human communication
process, including areas and





The Nonmarkup MLs

Not every language or acronym ending in “ML”
represents a markup language. Here are the
best-known exceptions.

■ ML: “ML” originally stood for “metalanguage,” but
it's a general-purpose programming language designed
for large projects. There are two main dialects in use to-
day: Standard ML (SML; see www.dcs.ed.ac.uk/home/
stg/NOTES), a mathematically defined version of the lan-
guage formulated in part by some of the original lan-
guage developers; and Objective Caml (OCaml; see
http://caml.inria.fr/), an offshoot version from the original
ML to which features are added at will without being de-
fined in a standard. Other related languages include
Extended ML (EML; see http://homepages.inf.ed.ac.uk/
dts/eml) and Alice ML (www.ps.uni-sb.de/alice).

ML and its variants are purely functional languages
and don’t allow any assignment to storage. These func-
tional languages are difficult to program in, but their pro-
grams are much more amenable to formal analysis and
proofs of correctness.

■ Unified Modeling Language: UML is a standard
notation for modeling real-world objects as part of devel-
oping an object-oriented design methodology. UML is
used for modeling application structure, behavior and ar-

tures. Vendors of many computer-aided software engi-
neering products support the language. UML was devel-
oped from methodologies that also describe the process-
es in developing and using the model. (www.uml.org)

■ YAML Ain’t Markup Language: YAML is an inter-
national collaboration to make a data-serialization lan-
guage that is both readable by humans and computation-
ally powerful. (www.yaml.org)


~ Russell Kay 
concepts such as thought,
emotions, behaviors, kinesics,
beliefs and facial expressions,
through graphical or text-
based representation. It goes
way beyond emoticons!
www.humanmarkup.org

■ Materials Markup Language:
MatML was developed for the
interchange of materials infor-
mation. www.matml.org

■ Multimedia Retrieval Markup
Language: MRML unifies ac-
cess to multimedia retrieval
and management software
components to extend their
capabilities. www.mrml.net

■ Physical Markup Language:
PML is a simple, general lan-
guage for describing physical
objects and environments for
industrial, commercial and
consumer applications. PML
allows modularity and flexibil-
ity so it can be used in moni-
toring and controlling a physi-
cal environment. Applications
include inventory tracking, au-
tomatic transactions, supply
chain management, machine
control and object-to-object
communication. http://web.mit.
edu/mecheng/pml/index.htm

■ Security Assertion Markup
Language: SAML is an XML-
based framework for commu-
nicating user authentication,
entitlement and attribute in-
formation. It allows business-
es to make assertions regard-
ing the identity, attributes and
entitlements of a subject
(often a human user) to other
entities, such as a partner com-
pany or another enterprise ap-
plication. www.oasis-open.org/
committees/security/faq.php
■ Services Provisioning Markup
Language: SPML is a framework
for exchanging user, resource
and service provisioning in-
formation between applica-
tions and organizations.
QuickLink 41908

■ Speech Synthesis Markup
Language: SSML assists in the
generation of synthetic speech
in Web software and other ap-
plications by providing a stan-
dard way to control speech as-
pects such as pronunciation,
volume, pitch and rate across
different platforms.
www.w3.org/TR/speech-synthesis

■ User Interface Markup Lan-
guage: UIML permits the cre-
ation of user interfaces for any
device, target language and op-
erating system on a device. It
describes three things: the ap-
pearance of a UI, user interac-
tion with the UI and how the
UI is connected to the applica-
tion logic. www.uiml.org

■ Voice Extensible Markup Lan-
guage: Voice-activated applica-
tions are increasingly common,
and VoiceXML specifies com-
mon features to help ensure
portability between platforms.
www.voicexml.org

■ Wireless Markup Language:
WML describes content and
formats for presenting data on
limited-bandwidth devices
such as cellular phones and
pagers. Rather than attempt-
ing to deliver the same Web
page content you would see
on a PC, WML presents main-
ly text-based information opti-
mized for mobile devices.
QuickLink a6800

■ Extensible Access Control
Markup Language: XACML is an
XML-based schema that was
designed for creating policies
and automating their use to
control access to disparate de-
vices and applications on a
network. QuickLink 38180

■ Extensible Markup Language:
XML was created to combine
the extensibility of SGML with
the simplicity and wide sup-
port of HTML. Basically a
subset of SGML, it’s simpler
and easier to implement and
allows most of SGML’s capa-
bilities. XML was approved as
a standard by the World Wide
Web Consortium in 1998.
QuickLink a6790

Kay is a Computerworld con- 
tributing writer in Worcester, 
Mass. You can reach him at 
russkay@charter.net. 
For information on other markup languages,
visit our Web site 
QuickLink 55772 
Dealing With an ISO
Who's Only So-So


As our security manager realigns the work- 
load for her team, she confronts an infor- 
mation security officer who’s weak in most 
technical areas. By C.J. Kelly 


HAVE YOU EVER watched
a so-so movie, eaten at
a so-so restaurant or
attended a so-so the-
ater production? Such activi- 
ties are time-fillers, but they 
don’t really add much to your 
life. I have a very hard time 
with nonproductive, nonedify- 
ing activities. I don’t go back 
to so-so restaurants, and I 
don’t recommend so- 
so movies or plays. If 
a book doesn’t grab 
me, I don’t finish it. 
Life is short, and each 
thing I do needs to 
mean something and 
be of value. 

So, what happens when you 
manage a so-so employee? 
I’m not one to just ignore the 
problem or give the employee 
tasks of no great importance 
just to keep him busy and out 
of the way. All work should 
count and help the organiza- 
tion reach its goals. 

My problem is an underper- 
forming information security 
officer (ISO). She doesn’t have 
a technical background, and 
though she once had supervi- 
sory responsibilities, they 
were taken away because her 
direct reports were complain- 
ing bitterly about her lack of 
management skills. I’m not 
sure exactly how she fell into 
the position of ISO, but I think 
people in the agency we work 
for had been wondering what 
to do with her just when the 
legislative requirements of 
the Health Insurance Portabil- 
ity and Accountability Act se- 
curity rule went into effect 
and it became necessary to 
assign someone ISO duties. 

As happened within many 
organizations that were consid- 
ered “covered entities” under
HIPAA, my agency acted with- 
out fully understanding the du- 
ties of an ISO. I'll get to the ba- 
sic misunderstanding behind 
this common mistake later. 

I am now realigning the 
workload among my staff 
members, and as part of this 
task, I must take a hard look 
at the ISO position and make 
a decision about 
who should have 
that responsibility. 

The current ISO 
isn’t performing, pri- 
marily because she 
lacks experience and 
education in the se- 
curity field. I have tried for half 
a year to mentor her, offering 
educational materials and 
pointing her toward webcasts, 
seminars and security white 
papers. It’s like trying to teach 
a foreign language to someone 
who doesn’t have a solid grasp 
of her native tongue. Her in- 
ability to grasp the material is 
apparently due to a dearth of 
foundational knowledge re- 
garding networked computing
basics (TCP/IP, client/server
architecture, LAN/WAN
topologies).

The rate of change in net-
working technologies is chal-
lenging to keep up with, even
if you do know the basics. For
this ISO, it’s impossible.


I told the ISO that several
other staff members were
sorely overloaded but that we
had just expanded the staff by
one employee and it was an
opportune time to take a look
at job responsibilities across
the team. As I looked at what
needed to be done by the team,
I had categorized a host of
tasks as “adminisdribble” —
administrative tasks that
shouldn't be on the desks of
senior IT and security staffers.
Half of those tasks were sit- 
ting on the ISO’s desk. I ex- 
plained that I would be taking 
them off her desk and re-eval- 
uating each of the processes 
to see if they could be stream- 
lined, integrated and automat- 
ed. She became more and more 
uncomfortable as I spoke. 


New Classification 

I listed for her all the job 
responsibilities for the entire 
team and pointed out where 
some members were over- 
loaded. I had hoped that she 
would offer to help the team.
She did not. Instead, she
became defensive and agitat-
ed and noted that another 
government agency was creat- 
ing a new security classifica- 
tion. She wanted to “wait for 
that opportunity” — a new 
classification. 

I took another tack. I used 
the whiteboard to list the du- 
ties I thought an ISO or senior 
security person should be re- 
sponsible for in regards to ar- 
chitecture and administration. 
Those included policies and 
procedures; intrusion detec- 
tion; firewalls; VPNs; anti- 
virus, antispam and antispy- 
ware efforts; patch manage- 
ment; vulnerability scanning; 
risk assessment; and disaster 
recovery. 

She blurted out, “But those 
are all technical in nature!” 

“Yes, they are,” I responded,
“and if I were going to hire a
security person, these would
be his or her duties.”

We were at an impasse cre-
ated by that long-ago misun-
derstanding about the nature
of the ISO position. When the
HIPAA security rule went
into effect, covered entities
such as my agency were re-
quired to designate someone
to handle ISO responsibilities.
Many covered entities noticed
that roughly 80% of the poli-
cies and plans required by
the HIPAA security rule are
categorized as “administra-
tive,” only 5% or so are cate-
gorized as “technical,” and
the rest are categorized as
“physical.”

Here’s the misunderstand- 
ing: Even though the bulk of 
the policies are deemed ad- 
ministrative, implementing 
the policies is primarily a 
technical exercise. I believe — 
and many may argue with me 
— that writing a good policy 
requires a solid understanding 
of what technologies are avail- 
able to implement the plan. 
You need some technical
knowledge to be able to visu-
alize the plan. You can’t say,
“Thou shalt do thus” and not
be able to “do thus.”

The ISO’s response to the 
situation was painful for both 
of us because we both knew
that she viewed her position
as highly valuable to her. But
as long as the agency’s ISO
lacked the technical founda-
tion to be able to write imple-
mentation plans and execute
them, the value to the organi-
zation was not there. She was
very good at adminisdribble,
but we already have an admin-
istrative assistant for those
tasks.

In dismay, she asked if I 
would rewrite her job descrip- 
tion and let her know what I 
wanted her to do in alignment 
with the agency’s needs. Our 
next meeting is in two days.


This week's journal is written by a real 
security manager, “C.J. Kelly,” whose 
name and employer have been disguised 
for obvious reasons. Contact her at 
mscjkelly@yahoo.com, or join the dis- 
cussion in our forum: QuickLink a1590 
To find a complete archive of our 
Security Manager's Journals, go online to 
@computerworld.com/secjournal 
Microsoft to Host
Hackers Regularly 


Microsoft Corp. is working on 
plans to make a recent hacker 
meeting held on its campus a 
twice-yearly event, according 
to a spokesman for the ven- 
dor’s security group. The com- 
pany plans to host another 
Blue Hat security event this 
fall. In sessions at the initial 
Blue Hat event, security re- 
searchers demonstrated to 
Microsoft executives and 
developers how flaws in the 
vendor's products could be 
exploited. 


Securing Data 
With Fingerprints 


Atmel Corp. and Bionopoly 
LLC’s FingerGear division in- 


is available initially with a 
256MB capacity for $149. 


Netsky, Mytob Top 
Viruses in July 
Sophos PLC reported that the 


German teenager Sven 
Jaschan. However, variants of 
the Mytob worm dominated the 
polls, accounting for seven of 
the top 10 positions and more 
than 37% of all viruses report- 
ed to Sophos during the month. 


Spam Prevention 
Engate Technology Corp. an- 
nounced Engate MailSentinel, 
which uses patent-pending 
technology to prevent unwant- 
ed or malicious e-mail from 
leaving the source. Rather 
than analyzing the content of a 
message to determine its legit- 
imacy, MailSentinel analyzes 
the actual SMTP session to de- 
tect the tricks used by spam- 
mers to hide their identities. 
A STROLL THROUGH THE TECHNOLOGY LANDSCAPE


Japan Aims to
Be Tops in FLOPS

■ OFFICIALS IN JAPAN have announced that
the country intends to build a supercomputer
that will be 73 times faster than today’s top
computer.

The current champ, IBM's Blue Gene, can
handle 136.8 trillion floating-point operations
per second, or TFLOPS. The Japanese educa-
tion and science ministry plans to develop a
machine that could operate at 10 PFLOPS, or
10 quadrillion calculations per second. It's tar-
geted to be up and running by March 2011.

So, what will this gorilla of a computer do?
Obviously no machine for small tasks, it will be
used to model the formation of the galaxy,
track climate changes and simulate human re-
actions to new drugs. In general, supercomput-
ers are used for scientific calculations that
would be impossible on any but the blindingly
fast number crunchers.

Japan's Earth Simulator had been at the top
of the supercomputer heap until it was dis-
placed by Blue Gene in 2004. At present, the
three fastest machines in the world were all de-
veloped in the U.S. Observers of the technol-
ogy market noted that Japan’s latest project
has been triggered both by the desire to com-
pete with Western nations and to hold off
China, its rising regional technology rival.

Japan has budgeted $900 million to devel-
op the 10 PFLOPS computer.


Page compiled by Tommy Peterson.


[illegible]
physicist, mathematician and chemist,
developed his “coincidence circuit,”
considered the first AND logic gate. It
was developed to detect cosmic ray
events and high-energy particles. The
[illegible]
technology, such as the design of
radar circuits in the 1940s.

The main idea of coincidence detec-
[illegible]
some particle (called “clicks”), this is
quite likely (with a certain probability
p) not a real event but thermal or oth-
er noise. But if two detectors click
simultaneously, the probability that
it’s still a noise event is extremely re-
duced. This technique therefore great-
ly improves signal-to-noise ratio.

The coincidence circuit must be able
to differentiate between two signals
that come at the same time from those
that are more than a few microsec-
onds apart. Designing such electronics
was a major achievement at Bothe’s
[illegible]
1954 Nobel Prize in physics.

As the first AND logic gate, the co-
incidence circuit represents one of the
most basic building blocks of digital
[illegible]

Most logic gates have two inputs
and one output. At any given moment,
every terminal is in one of the two bi-
[illegible]
The logic state of a terminal can and
generally does change often as the cir-
[illegible]

The AND gate is so named because
it acts in the same way as the logical
“and” operator. The output is “true”
when both inputs are true. Otherwise,
the output is false.
GROVES OF ACADEMIA


Augmented Reality for 
Poultry Trimmers 


■ TECHNOLOGY that displays computer-generated
information on the
physical world is being tested in poul- 
try plants to improve communication 
between computers and workers. 

Using augmented reality (AR) tech- 
nology, researchers at the Georgia 
Tech Research Institute (GTRI) have 
designed two systems that project 
graphical instructions from an auto- 
mated inspection system onto birds on 
a processing line. These symbols tell 
workers how to trim or whether they 
should discard defective products. 
Right now, inspection is done visually 
by human screeners, who communi- 
cate with trimmers using hand ges- 
tures. But an automated system devel- 
oped and field-tested by the GTRI is 
being commercialized, and poultry 
plants are likely to implement the tech- 
nology soon, according to J. Craig 
Wyvill, head of the GTRI Food Technol- 
ogy Processing division. 

Two AR systems developed by pro- 
fessor Blair Macintyre and colleagues 
Parth Bhawalkar, a graduate student, 
and Simeon Harbert, a GTRI research 
engineer, address these commercial 
requirements. 

The first uses a location-tracked, 
see-through, head-mounted display. It 
overlays graphical instructions on a 
trimmer's view of the birds. The second
uses a laser scanner, mounted in
a fixed location near the processing 
line, to project instructions onto each 
bird that requires an action, such as 
trimming. In this approach, the product 
rather than the user must be tracked. 


One augmented reality system uses 
a location-tracked, see-through, 
MMC ENE 
Scalix Offers App
For PIM Choice


■ Scalix Corp. announced its new
Scalix Wireless Solution, which 
lets users choose the wireless 
service carriers and devices they 
use to send and receive e-mail, 
maintain contacts and calendars, 


and manage personal information


management functions. The ap- 
plication supports all BlackBerry 
and Palm OS devices, including 
the Treo, along with a variety of 
Windows Mobile devices such as 
the HP iPaq and smart phones 


from Samsung Corp. and Motorola
Inc., according to Scalix. The
software, which starts at a one- 
time server list price of $1,000 
and a monthly per-user fee of $10 
for 100 users, supports all major 
wireless services. 


Troux Updates 
Modeling Tool 


■ Troux Technologies Inc. has
begun shipping Metis Enterprise 
5.0, a visual modeling tool for 
managing enterprise architec- 
tures. The system, which Troux 
acquired when it purchased Nor- 
way-based Computas Technology 
AS earlier this year, can help centralize
the management of IT governance
processes, said Troux.
Customers can choose desktop, 
workgroup or enterprise products.
Pricing varies based on customer
needs and customization.


Electric Mail Offers 
Updated Service 


■ Electric Mail, a provider of
managed secure e-mail services, 
has announced an enhanced 
version of its PerimeterProtect 


service, which provides spam and 


content filtering and virus block- 
ing for business e-mail systems. 
The new version includes im- 
proved message quarantining and 
tighter integration with Microsoft 
Exchange Server 2003 and Ex- 
change Server 2000, according 
to the company, which is a wholly 
owned subsidiary of j2 Global 
Communications Inc. Pricing 
starts at $2 per user per month. 
Time for a New View
Of Data Management 


DATABASE MANAGEMENT is in a crisis,
one that’s only partly recognized. The 
horrors of data integration may be well 
known, but they’re only the tip of a much 
larger iceberg: schema complexity. Pro- 


grammers, system architects, 
and database administrators 
focusing on design and oper- 
ation alike — all their jobs 
are made immeasurably 
harder by the boggling com- 
plexity of relational schemas. 

As schema diversity ex- 
plodes, the pure relational 
model is collapsing under its 
own weight. We must replace 
it with a radically different 
view of data management, 
which I’m calling DBMS2, for 
database management system 
services. The key aspects of
DBMS2 include the following:

■ Task-appropriate data managers. Just use
whatever is cheapest and simplest for 
each set of applications. Possible choices 
include but are not limited to cheap on- 
line transaction processing DBMSs, high- 
end OLTP DBMSs, data warehouse ap- 
pliances, XML-based document stores, 
highly distributed and/or small-footprint
DBMSs, in-memory systems without their 
own persistent storage, or cross-corpus 
indexers without their own storage. 

■ Drastic limitations on relational schema
complexity. Relational schemas shouldn’t
go far beyond two simple models: master-detail
for transactions, and hypercubes/
star schemas for analytics. Anything in- 
herently more complex is, with rare ex- 
ceptions, better handled via the schema 
flexibility of XML. If you need to access 
data from a legacy application that vio- 
lates these precepts, do so via XML- 
based Web services. 

■ Both XML-based and relational information
integration. Eventually, most DBMS2 data 
integration will be done via XML. But 
relational enterprise information inte- 
gration will long have a role to play, 
such as connecting core OLTP and data
warehouse systems.

DBMS2 is the antithesis
of much current database 
theory. Rather than fighting 
modularity, DBMS2 em- 
braces it. Rather than gath- 
ering administrative tasks in 
one huge hairball, it spreads 
them across many simple 
systems. Above all, unlike 
the Oracle pipe dream of a 
grand unified enterprise re- 
lational database, DBMS2 is 
a pragmatic, realistic contin- 
uation of what every large 
enterprise is doing today. 
The need and opportunity for DBMS2 
are driven by two overlapping trends: 
platform change and schema explosion. 
For starters, DBMS2 depends on the in- 
creasing availability of XML and Web 
services technology. It will be years be- 
fore XML-based data-manipulation lan- 
guages are sufficiently robust to handle 
the requirements of DBMS2, but those 
developments will happen, and most big 
software vendors will provide strong 
support for them in a timely manner. 
Beyond that, one of the biggest rea- 
sons for embracing DBMS2 is a flood 
of low-cost alternatives to traditional 
DBMSs. For most enterprises, relational 
OLTP is approaching commodity status. 
Microsoft SQL Server is following Oracle
up the food chain, while MySQL
(which is even slated for SAP certifica- 
tion in two to three years, or maybe less) 
nips at Microsoft’s heels. 
Even more important, there’s been 
an explosion in ultracheap OLAP tech- 
nologies, both in-memory and in appli- 
ance formats. Most of these have very 
simple indexing schemes — some have 
no indexes at all — which yields huge 
TCO advantages in storage costs and
administrative overhead alike.

The opportunity provided by these 
fledgling technologies might seem bal- 
anced by obvious risks. But before long, 
embracing them will be the only viable 
choice. The primary reason is schema 
explosion, on multiple fronts. 

First, there’s an explosion in profiles.
CRM customer profiles (ideally with full
Web site click-trail data), vendor profiles,
security-oriented user profiles, you
name it — in almost all cases, the avail- 
able information, and types of informa- 
tion, vary from one profilee to the next. 
Mobile/pervasive devices just worsen 
the problem, adding complexity in terms 
of location, availability and form factor. 
Centralized, pre-DBMS2 master data 
management will never succeed. 

Second, text documents are becoming 
an ever bigger part of IT, be they com- 
plex forms and contracts, maintenance 
manuals, health records, Web marketing 
content or just e-mail. Documents are 
commonly unpredictable in structures 
and sometimes in authoring and editing 
metadata as well. And the ultimate solu- 
tions to making text search work will de- 
pend on further schema extension and 
variability, in a number of respects. 

Finally, IT needs to be infused through- 
out with representations of trust. Securi- 
ty, compliance, missing data — they all 
ultimately require some formalized hier- 
archy of trust. So do the multiple uncer- 
tainties of search engine results, docu- 
ment author reliability, planning fore- 
casts and the like. The final resolution of 
these issues will require schema com- 
plexity beyond what relational systems 
can realistically handle. 

Should you throw out Oracle and DB2? 
Hardly. But maybe you should reduce 
your reliance on them. The move to 
DBMS2 lets you exploit a variety of data- 
base technology advances from a variety 
of vendors. For specific product ideas, 
see my blog at www.computerworld.com/blogs/monash.
In the Dark
feel isolated, hostile
and just plain tired.
Here are some tips for
keeping them happy
and productive in the
wee hours. Page 42

Career Watch
What a rise in IT pay
may say about offshore
outsourcing; the latest on
tech job cuts; and CEOs’
expectations for the
economy. Page 44

OPINION:
Business leaders can be reluctant to
serve as the executive sponsors of
an IT project. Don’t let them off the
hook, Bart Perkins says. He offers
some suggestions to get your
executives to commit. Page 46
BRACE YOURSELF: You could be legally
responsible for worldwide network
security.

OK, that may be an overstate- 
ment, but it does capture the 
essence of what’s ahead. 

Companies that pass viruses, 
worms or any type of malware to 

other companies via electronic transmissions such as 
e-mail could find themselves in court, say legal and 
security experts. And they could be held liable for 
damage done, even if they unintentionally spread 
such cyberpests. 

“There’s very little question that it’s going to come. 
The concept of due diligence has done nothing but 
push its way out into the consciousness of everyone in 
this country,” says Charles Hibnick, chief systems secu- 
rity architect at AvMed Health Plans Inc., a health in- 
surance company in Miami. 

The stage is being set for such action, experts say. 
Federal laws, government agencies and private orga- 
nizations are setting new standards for network and 
Internet security. Meanwhile, lawyers are testing various
legal theories for punishing cyberspace criminals.
And some companies with established relationships
are signing contracts detailing
security expectations that prohibit
even the accidental transmission
of malware.

New insurance options address liabilities from

Given all this, can litigation be

“I do think we are looking at this
type of litigation in the future. And
I think it’s going to happen sooner
rather than later,” says Rodger
Cole, a litigation partner at Fenwick &
West LLP in Mountain View, Calif.

In fact, some companies are already 
pursuing other businesses, albeit qui- 
etly, to recoup losses resulting from 
computer-related problems, says Julie
K. Davis, executive vice president at
Aon Affinity Insurance Services Inc. in 
San Jose and co-author of e-Risk: Liabilities
in a Wired World.

Some cases involve companies inadvertently
releasing viruses, worms and
the like, she says. Others involve contractual
liability in situations where
companies had agreements to keep
systems secure. Davis says these cases
haven’t wound up in court — yet —
because executives prefer to avoid the
media spotlight on such issues.

“You certainly have claims. What
people usually do is turn it against
their own corporate insurance policies,”
she says, adding that traditional
policies generally won’t cover such
claims, however.

We are looking at
[malware damage]
litigation in the
future. And I think
it’s going to
happen sooner
rather than later.
RODGER COLE,
LITIGATION PARTNER,

Viruses, worms, Trojan horses, botnet
zombies, distributed denial-of-service
attacks, hacking, blended threats —
they’re all out there, and many can hitch
rides with e-mails and electronic transmissions,
including instant messages.

“We're up to 60,000 different viruses
out there,” observes Jeff Platon, vice
president of product and technology
marketing for security at Cisco Systems
Inc.

The threat is growing as computers
and systems become increasingly connected,
not only through the Internet
but through business partnerships that
establish connections and interfaces.

“My security depends on everybody
else’s security. And that’s even more true
when you have a closer relationship with
someone,” Manion explains. “When you
open the door to someone else, you’re
just extending the trust — and the risk.”

Companies might think their borders
are secure, but if they have a connection
to a business partner, perhaps
that partner’s borders aren’t as strong,
Manion says. That’s a weak link that
can let something bad get through.

“There certainly is a great deal of
concern regarding the impact of
es on the modern enterprise and
infrastructure. The impact can be extraordinary,
and the results can be disastrous,
attorney Gregg Kirchhoefer,
a partner in the intellectual
property and technology transaction
practice at Kirkland & Ellis LLP in
Chicago.

a dare mee
Can Do

Implement and maintain security
ir ecoM Ua LecMC Lert elma elt g
Creative Litigation

Bringing legal action in such cases is 
complex, experts say. It’s difficult to 
quantify loss: How can a company 
prove the exact dollar amount of lost 
business if a virus knocks out e-mail for 
a day? It’s also difficult, if not impossi- 
ble, to prove the origins of malware. 

“But certainly a creative lawyer 
could come up with a variety of meth- 
ods in which liability could be in- 
ferred,” says Sandra A. Jeskie, a partner 
in the trial department at Philadelphia- 
based Duane Morris LLP and a mem- 
ber of the board of the Computer Law 
Association. “I could see a negligence 
claim, even if it might be difficult to 
prove. I could make an argument that 
if you got infected and transmitted it to 
me, you did not properly protect me 
because you were so lax.” 

The question of negligence comes 
down to established standards, and 
computer security standards are evolv- 
ing. Federal laws such as the Sarbanes- 
Oxley Act and the Health Insurance 
Portability and Accountability Act, 
along with industry standards such as 
ISO 17799 and BS7799, have created ex- 
pectations for companies to meet. 

“Companies have to be aware that 
their behavior, their security and their 
technology will be measured against 
something, either standards in the in- 
dustry or what they told their cus- 
tomers they’d be doing,” says Melise R. 
Blakeslee, a partner in the Washington 
office of the technology transactions 
and e-business group at law firm 
McDermott Will & Emery LLP. 

Claiming negligence isn’t the only 
potential legal strategy. Some lawyers 
say trespass, intentional interference 
with existing or prospective business 
relations and disturbance of quiet en- 


See muV Um ella creel me (sler-tacuileil 
to ensure that IT meets contractual 
STMT ANAC ELM Lil ea CN Mel tc) 
R. Blakeslee of McDermott Will & 
Emery says she’s concerned that 
contracts stipulating security steps 
that partner companies must take 
“just get signed and put in the 
drawer.” 


Dangerous Times 
Given the state of electronic communi- 
cations, the potential for getting into 
trouble is staggering. 

“If you're operating on the Internet 
today, there is some level of constant 

activity,” sa’ 

Internet security analyst at the CERT 
Coordination Center at Carnegie Mel- 
lon University’s Software Engineering 
Institute. 


te Ver CR Ue ceoeel len Muir Elie 
how to spot it, avoid it and report it. 


Enforce computer-related employ- 
lem ele) |e cromm ora Ua Nm UCelstee-lerel ant 
downloading unauthorized software. 


Deploy software that scans for 
unauthorized software. Nancy Flynn, 
executive director of The ePolicy In- 
stitute, points to employees’ use of 
instant messaging as a prime reason 
for this step. “Malicious parties who 
want to spread viruses are using in- 
stant messaging, and by far the ma- 
jority of employees who are using in- 
stant messaging are using free soft- 
ware, and companies have no tools 
TAMER OMe mC MMSE MCT Ne 


Limit access to your system. Art 
EVN UMI URN leila eT Amr Tar UN csi 
at the CERT Coordination Center at 
Carnegie Mellon University, pro- 
motes the concept of “least privi- 
lege,” where IT departments give 
users and business partners only the 
access they need. “Don’t give some- 
one more access just because it’s 
Pe METS Ce 

- Mary K. Pratt 
joyment could apply as well.

“These are common law doctrines 
from England. Here the disturbance 
would be disturbing your own right 
to use your computer servers,” Cole 
explains. “[Lawyers] have creatively 
used old legal doctrine to address the 
question of liability with spam, and I 
think the next wave of litigation will 
be in the virus area.”

Far-fetched? Not quite. Jeskie points 
to the case of Intel Corp. v. Hamidi 
in 2003, where Intel accused former 
employee Kourosh Kenneth Hamidi 
of trespass for inappropriate use of 
e-mail. Although Intel was unsuccess- 
ful in its claim, Jeskie says the well- 
known case shows how old laws
can be used today.

Companies are also using contracts 
to prevent such situations, experts say. 
“It is becoming increasingly common
to see a clause that deals with the other 
party’s duties to deal with worms and 
viruses and other types of things that 
can cause disruptions,” Blakeslee says. 

These clauses give companies an- 
other course of legal action: They can 
claim breach of contract if malware 
gets through and the contractual secu- 
rity measures weren't up to snuff. 

“You can track the use of that lan- 
guage with the growth of viruses,” 
Kirchhoefer says. 

Not everyone sees increasing litiga- 
tion forthcoming, however, especially 
in cases where malware is passed 
along via e-mail. 

“Yes, people are thinking about the 


virus through an e-mail looks to be one
of the more difficult places for a suc- 
cessful lawsuit. And if you see a case 
like that, it’s going to be a real fluke,” 
says Benjamin Wright, a Dallas attor- 
ney who wrote Business Law and Com- 
puter Security (SANS Press, 2004). 

Kirchhoefer agrees that a negligence 
lawsuit against a company that passed 
along malware via e-mail would be a 
hard case to win. After all, he says, 
both companies share responsibility 
for keeping their systems safe. 
Liability for
sending a virus 
through an e-mail 
looks to be one of 
the more difficult 
places for a 
successful lawsuit. 


BENJAMIN WRIGHT, ATTORNEY 
AND AUTHOR OF 


But that won’t keep companies from 
filing suit, some say. 
“We're always looking for someone
else to assume the blame, to assume
the liability,” says Nancy Flynn,
founder and executive director of The 
ePolicy Institute in Columbus, Ohio. 
“So it would make sense that at some 
point someone will try to sue over the 
issue of a virus getting into the system.”





Pratt is a Computerworld contributing 
writer in Waltham, Mass. Contact her at 
marykpratt@verizon.net. 
‘Prosumers


The new wave of handheld consumer devices in the 
workplace means new headaches for IT managers. 
AN IT MANAGER wandering
through the exhibits at a
mobile and wireless computing
expo might well
wonder where the explosion
of new applications
and devices, many created for the consumer
world, will lead.
How can a company even begin 
to manage live TV on cellu- 
lar phones? How will the 
proliferating wireless 
e-mail be stored? How will 
it all be made secure, with 
so many different networks and 
devices and applications? 
Companies have faced, and some- 
times ignored, the demands of manag- 
ing handhelds and wireless devices for 
years. IT managers waver between two 


IN AN APRIL REPORT, Gartner delineat- 
ed three logical levels of support for hand- 
helds and smart phones, from treating 
ti acta ems Nc 
at 

The authors of the report prefer the 
middle road. “There must be a more toler- 
ated kind of support given users apart 
from bans or fully supporting them,” says 
analyst and co-author Roberta Cozza. 

The tolerated approach gives IT a 
“safety valve for the inevitable claim from
users that there is something better on 
the market,” she notes. 

This approach requires that IT do 
the following: 


approaches: Throw open the flood- 
gates and try to accommodate what’s 
coming, or throw up your hands and 
ban everything except what you deem 
acceptable. 

But the problem will become more 
complex as new college grads arrive 
at work — and bring the consumer- 
focused devices and applications they 


see not as toys but as essential
tools they have integrated
into their lives.

When a young “prosumer”
(short for professional/consumer)
shows up with streaming
video clips, live broadcast TV and a 
whole range of instant messaging, col- 
laboration and music-downloading 
options on his smart phone, how will 
IT hold the line on standards? 


■ Provide data-interface support to
personal information manager (PIM) and
e-mail applications, as long as the user
makes the connection through software
selected by his company.

■ Select PIM and e-mail synchronization
applications that support a wide
range of consumer handhelds.

■ Provide strict security guidelines and
handheld policies, and clearly explain
them to users.

■ Install security software on a server
that enforces a password when a user
powers on.

■ Encrypt stored data.

■ Refuse to purchase devices for the
or develop applications for the handhelds.





And if he wants to use the device for 
work-related e-mail, access to corporate 
databases or storage of corporate data, 
will IT restrict the access pathway? 
What happens when that worker resists 
using separate devices for work and 
personal life? Will IT allow frivolous 
functions to run on the same approved 
devices as mission-critical ones? 

Analysts say that over the next 
two years, these and other scenarios 
will force IT managers into the role 
of enforcer as never before. “The 
IT department has to do something 
about more and more consumer-type 
devices entering the enterprise,” says 
Roberta Cozza, a U.K.-based analyst at 
Gartner Inc. 

This will require careful planning at 
the highest management levels to de- 


GUIDELINES 

■ If a company provides handhelds to
users, it should clearly state that no application
development will be supported,
because it would tax IT resources.

■ If a company supports development of
an unusual custom application, IT should
choose the device and support and track it
throughout its lifetime, just as it would a
desktop or laptop.

■ IT managers should set up a “cafeteria”
plan under which users can choose from a 
predefined list of supported hardware and 
software that includes a budget amount 
for each selection, based on actual cost 
velop policies that control devices and
applications to limit security lapses 
and IT headaches while still winning 
the support of end users. 


Two Approaches 
Some IT managers are already holding
a tough line on handhelds and wireless
devices, while others have tried to 
accommodate innovations. 

“Why do we in IT care what that 
new hire just out of college wants to 
run on his phone or device?” says the 
assistant vice president of IT compli- 
ance at a Western bank. (She asked to 
remain anonymous because her com- 
pany is in acquisition talks.) She be- 
lieves the bank should ignore user 
pleas for consumer applications and set 
strict controls on devices and access. 

“You have to protect the enterprise,”
she says. “You have to protect the cus- 
tomer. It’s a huge thing for a bank.” 

Lapses that could result in leaked 
customer information could bring severe
federal fines as well as damage to
the bank’s reputation, the vice presi- 
dent explains. “That’s huge, and we 
could not be in business if customer 
information got out,” she says. 

The bank limits devices used by 
many of its 2,300 workers. A typical 
knowledge worker carries a laptop, a 
cell phone and a BlackBerry handheld 
capable of transmitting encrypted 
e-mail. Handhelds and phones are
treated like desktop computers, with
regard to access privileges and rules 
about what data can and can’t be 
loaded on them, the compliance 
officer says. 

Workers aren’t allowed to attach a 
personal device to the bank’s network, 
and they can’t use the Universal Serial
Bus ports of their laptops for storing
corporate data, to prevent it from being
transferred to a personal storage device.

“Control is important,” the bank executive
notes. “You can’t be compliant
[with federal rules such as the Sarbanes-Oxley
Act] if you don’t have
control.”

In contrast, at consumer electronics 
retailer Best Buy Co. in Richfield, 
Minn., 4,000 employees are allowed to 
use a fairly wide range of devices, in- 
cluding BlackBerry and Audiovox 
handhelds and Palm OS devices such 
as the Treo, says Jeff Robles, sourcing 
manager for enterprise products and 
transportation at Best Buy. 

“Given we are a technology compa- 
ny, we understand there are business 
requirements that will govern the use
of our devices, so we attempt to manage
to the need while mitigating any
security issues,” he says. 

To do this, Best Buy relies on several 
management software products from
Traq-wireless Inc. in Austin, including
Mobile Source. Traq-wireless says its
software is designed to reduce costs 

and mitigate security and intellectual 
property risks by giving IT managers 
visibility into which employees have 
which devices and services. 


More to Come 


Regardless of today’s approach, the
next few years will challenge IT shops
to keep up with multiple operating systems,
wireless carriers, and new devices
and applications, analysts say.

“It’s going to be a lot worse,”
says Bob Egan, an analyst at Mobile
Competency Inc. in North Providence,
R.I., citing the proliferation of cheap
consumer-centric devices, including
camera phones and mass storage devices.
“It’s a new frontier. There’s not
a single company out there doing a
very good job managing mobile devices
as a class.”

For example, Egan says, most companies
overlook the issue of protecting
intellectual property on smart phones.
When a salesman puts customer contact
data on a phone, that information
can be lost if he changes jobs.

Some mobile operators such as
Sprint Corp. are beginning to offer services
to manage mobile hardware and
software, Egan says, but outsourcing
mobile security is a step many IT
shops may resist.


As for applications, Egan says some
companies are trying to enforce a 
list of approved software for employ- 
ees, but that’s difficult to implement 
on a practical level. Egan says the 
same management model that corpora- 
tions use for purchasing a laptop and 
provisioning and supporting it should 
apply to a phone or handheld device. 
But with handhelds, rules are harder 
to enforce. 

There are other potential issues, he 
says. What if an employee purchases 
a device himself but uses it for work? 
Can the company demand access to 
the data? And what happens if the 
device is lost or stolen? What about 
archiving e-mail and capturing and 
archiving short text messages? 

“Consumer trends such as text mes- 
sages need to be on the radar of CIOs 
and IT managers, because they are 
translating into main user issues in the
enterprise,” Egan says.


Gartner stated in a recent report 
that the trend of consumer devices
entering the workplace “creates havoc
for IT organizations whose operations
are based on standards and stable 
platforms.” 

Companies are protecting the front 
end of the organization with a firewall, 
the report says, but the back end is 
protected “only by the good intentions
of employees.”
Managing IT workers on
the night shift raises unique 
challenges. BY JUDY ARTUNIAN 


LAST YEAR, a veteran
IT manager who had 
spent her career work- 
ing traditional busi- 
ness hours at a Cali- 
fornia entertainment company 
switched to a shift that ended 
at midnight. It was an eye- 
opener. “You do nothing but 
sleep and work on the days 
you work. You really feel that 
you have nothing to do with 
the ‘business’ of the business 
anymore. It was the most iso- 
lating experience profession- 
ally I have ever had,” she says. 

For decades, many IT night- 
shift workers have echoed 
similar sentiments. Some peo- 
ple prefer to work during the 
wee hours. But even die-hard 
night owls struggle with the 
physical and psychological 
demands of working when 
everyone else is asleep. 

While it’s difficult to esti- 
mate how many IT profession- 
als are on the job after dark, 
their numbers are likely to 
multiply. “Increasingly, multinational
companies are centralizing
their applications
and related infrastructures to
achieve lower operating costs
and better systems integration.
Round-the-clock IT operations
are often essential to
these global initiatives,” says

Paul Hamerman, an analyst at 
Cambridge, Mass.-based For- 
rester Research Inc. 


The Fatigue Factor


Studies show that night-shift 
workers sleep less than people 
who work during the day. 
When fatigue sets in, productivity
can plummet. Changing
sleep hours on days off can increase
the effect.

“That’s like going to Europe 
for the weekend. If your body 
is usually asleep at a time
when you now have to be
awake and on the job, you'll
feel drowsy and be more prone 
to accidents and mistakes,” 
says John Eickholt, a physician 
who is medical director of the 
Worthington Sleep Wake Cen- 
ter in Columbus, Ohio. 

Other hardships reported by night workers are rooted in feeling disconnected from management, especially during shifts when few managers are on hand.

“What often happens is that 
people become a team that 
operates independently of 
the company,” says Betsy Con- 
nelly, president of Circadian 
Technologies Inc., a Lexing- 
ton, Mass.-based research and 
consulting firm specializing 
in extended hours operations. 
“That can lead to creative 
ideas, but also to an adversari- 
al relationship with the rest of 
the company.” 

That animosity can heat up 
if night-shift workers sense 
that they aren’t being heard. 
Renee Cornair, a computer 
analyst who works from 8:30 
p.m. to 7 a.m. at The Orange 
County Register, a daily news- 
paper with headquarters in 
Santa Ana, Calif., says that she 
routinely e-mails managers 
and associates to report issues 
that crop up during the night 
and to suggest resolutions. 

“The problem is that people 
are overwhelmed by e-mail, so 
it’s difficult to get them to read 
those communiqués,” Cornair 
says, adding that important 
information from manage- 
ment can also slip through 
the cracks when meetings are 
held when night workers are 
sleeping. “Without communi- 
cation, you’re cut off from the 
rest of IT, from knowing what 
the business needs are, what 
projects are moving forward, 
what the timelines are, what 
the service levels are evolving 
to,” she says. 

Resolving thorny technical 
problems without the help of 
supervisors can be another 
source of stress. “You can’t just 
know what to fix. You have to 
know why it works and how to 
apply it to different situations,” 
explains Rishi Maharaj, a help 
desk technician on the 4 p.m.- 
to-midnight shift at Willow 
CSN Inc., a Miramar, Fla.- 
based company that provides 
virtual call center services. 


What to Do 


The following are steps that 
IT managers can take to help 
their night-shift crews be more 
productive and content:


amount recommended by
sleep experts.

• Up to 15% of night-shift workers suffer from sleep apnea, a potentially fatal [illegible] to 3% of daytime workers.

• Employee turnover in night-shift operations is 10%, compared with 3% for U.S. com-

• Absenteeism among the nighttime workforce is 9%, compared with 3% for day-

• When night-shift employees

SOURCE: CIRCADIAN TECHNOLOGIES INC.


Recognize the night shift’s 
achievements. “They save our 
butts while we’re sleeping,” 
says Christopher Faulkner, 
CEO of C I Host Inc., a Web 
hosting and data center man- 
agement company in Bedford, 
Texas. “During the day, every- 
one can congratulate someone 
who does a good job. But you 
have to make an effort to re- 
ward the night guys.” 

Don’t let low morale fester. 
Connelly advises gauging em- 
ployees’ moods by conducting 
a confidential employee sur- 
vey. In particular, look at why 
employees take sick days. “Ac- 
cording to our surveys, only 
one-third of employee ab- 
sences are related to being 
sick,” she says. “Find out why 
they’re really out.” 

Keep them busy. According to Circadian Technologies, the more idle time night workers have, the higher their rate of absenteeism. Connelly suggests setting work schedules around predictable ebbs and flows in work volume. If that’s not feasible, look for ways that employees can fill their free time constructively. For example, C I Host recently offered a cash bonus to graveyard-shift workers who revised one of the company’s online manuals during their idle hours.

Watch those shift times. Because of physiology, most people experience a lull in alertness between 3 a.m. and 6 a.m. That means if you drive to or from work during that stretch, you have a greater risk of being in a traffic accident, Connelly says.

Change schedules with care. 
Frequent switching between 
day and night shifts can wreak 
havoc with the body clock. If 
you must rotate shifts, Eick- 
holt says, let employees work 
for two to three months on 
one shift and then move them 
to a later shift. 

At Atlanta-based United 
Parcel Service Inc., computer 
operations employees change 
shifts every four months. “We 
like to give them at least one 
month’s notice. If they have a 
two-working-spouse family 
or a child they need to take 
care of, they can make adjust- 
ments,” says Ed Zolcinski, di- 
rector of worldwide data cen- 
ter operations. “That’s proba- 
bly one of the most important 
things we do for them.” The 
company says its annual em- 
ployee opinion survey shows 
that employees are satisfied 
with this arrangement. 

Create a healthful work environ- 
ment. Eickholt suggests these 
energy-boosting measures: 

• Install full-spectrum lighting that’s as bright as possible, without compromising comfort and safety.

• To keep drowsiness at bay, provide food choices such as fruits, vegetables and nuts rather than sugary snacks.

• Encourage employees to move around. Even short walks across the room can help ward off sleepiness.

Finally, tell new night-shift 
workers what to expect. 
“Make sure people understand 
what this kind of commitment 
to the schedule means,” says 
the entertainment company 
IT manager, who requested 
anonymity. “Make sure it’s the 
right fit for the right people.” 
@ 55582 


Artunian is a freelance writer in
Newport Beach, Calif. Contact
her at jartunian@sbcglobal.net.


Throw Out the Rules

Leading an elite team on a mission requires a new approach

Convene the elite of your company for a world-changing project, and you have a virtuoso team. Talent, energy, ambition, intensity, ego, risk — these teams have it all in spades. And they play by a different set of rules. In this month’s Harvard Business Review, co-authors Bill Fischer and Andy Boynton discuss their study of virtuoso teams in 20 top companies. Boynton, the dean of Boston College’s Carroll School of Management, told Computerworld’s Kathleen Melymuka that at this level, there’s no room for nice.


What's a virtuoso team? A team that has the explicit mission to change the world — big change, big objectives, a brand-new system never done before. A financial services firm we looked at worked on a mass customization project — a total revamp to personalize financial services. A consumer goods company created a global supply chain project. It’s about a breakthrough. And [the team is] composed of the very best talent obtainable, role by role: a team of superstars.


Yet you say most companies deliberately avoid creating virtuoso teams. Why? Most companies want to avoid getting a bunch of big egos and strong wills on a team, because they’re afraid of too much tension and conflict. They look at who’s available, who has experience, and they look for harmony — people that will get along. Not every project deserves a virtuoso team, but every organization has some projects that do.


How does the approach to teamwork differ? Several things. There’s almost a frenetic energy in how they work. It’s far more intense than in a normal team. Also, there’s a lot more direct, no-holds-barred dialogue. We say a polite team will give you polite results. These are not polite teams. They work together physically and intensely — not by e-mail and phone. There is speed — rapid prototyping and rapid movement of ideas. There’s also a very clear statement of what they’re trying to do and not do upfront. And there’s something in it for everybody.


You emphasize close quarters and tight time constraints. What does that do for the team? In concert with other things, it ensures true collaboration where ideas, not tasks, are the focus. Where people are belly to belly and they feel they’re under pressure, there’s a lot more direct dialogue, a lot of intimacy and an intense blending of skills. There’s an acceleration of momentum. That’s the way you want to set it up to make it work well.


Why is it so important not to be polite? There are so many obstacles to getting the best ideas out on the table. Hierarchy drives ideas; the boss says something, and everybody agrees. Here, you’re creating a real marketplace for ideas. People aren’t worried about the consequences of what they say.


What kind of characteristics would the team manager require? He has to be a conduit of ideas from the outside. He has to listen extraordinarily well. He has to be supremely self-confident, because he’s got to let those egos and the “I” soar. Nothing dumbs a team down more than everything being “we.” Compromise is the sire of mediocracy. It’s not about compromise; it’s about getting there. And he has to value failure as an opportunity to learn.


What do you think is the biggest challenge in managing a virtuoso team? You need a manager that understands the rules of the game; someone who’s direct, who’s there to get results, not to be polite; someone who won't let them accept compromises; someone who wants to change the world and will keep that ambitious target in front of them. Leadership is a contact sport. It’s a whole different environment, and if you don’t know that going in, it can unravel. @ 55578


CEOs Turn More Glum


CHIEF EXECUTIVES across the U.S. are less confident about the state of the economy now than they were in the first quarter of this year, The Conference Board Inc. reported last month in its latest survey of CEOs. The CEO Confidence Measure fell to 55 in the second quarter, after registering at 62 in the year’s first quarter. A reading of more than 50 points reflects more positive than negative responses. The survey includes about 100 business leaders in a wide range of industries.

CEOs’ assessments of current conditions deteriorated over the last quarter. Approximately 44% of CEOs claimed that current economic conditions have improved, down from nearly 59% in the last quarter. In assessing their own industries, close to 38% said conditions are better, down from approximately 57% last quarter.

Percentage of CEOs surveyed who expect [illegible] to improve in the coming months, down from 43% in Q1.


CEO


BEV
Partners, Atlanta

sive use of temporary CIOs, or “CIOs

In some instances, CIOs are brought in on a short-term basis to help slash costs, oversee a major ERP implementation or help orchestrate

named Richard D’Amaro, former director of KPMG’s health care practice, as its CEO. Computerworld’s Thomas

What are some of the skills that clients are looking for from CIOs these days? A lot of our clients are dealing with regulatory issues and the necessary skills to optimize their applications to make them impactful to the overall business.

It used to be that when you went into an organization, there were silos - a chief marketing officer, a chief financial officer, a chief information officer. Now, for a company to hit on all cylinders and serve the customer, the skills that used to be very vertical have to become horizontal and blur more across roles.


What skills are clients demanding from the CIOs they hire in part to handle issues related to the Sarbanes-Oxley Act? The skills are about knowing the regulations and the requirements, as well as leadership skills and how to implement this with an existing staff or an augmented staff. It isn’t just about implementing Sarbanes, but dealing with the sophisticated controls and processes that are required.


Some studies suggest that CIOs are experiencing longer tenure than CEOs and CFOs. Does this map with your experience? If so, what are the factors that are contributing to this? I've not seen statistics. If we accept the notion that CIO tenure is on the rise, what's happening now is that the requirements of companies to not only have systems to run the business but to meet the regulatory requirements are requiring our clients to commit to being with this person for a significant period of time.

There was a lot of turnover when all of the ERPs weren't achieving the results they were expected to. But I suspect it’s becoming less and less of an issue, and the depth and breadth of a CIO is becoming key to companies long term.


FOOTE PARTNERS LLC found signs of strong pay growth for several IT skills in a survey of some 50,000 IT professionals that was released last month. The New Canaan, Conn.-based research firm sees this upward trend as evidence that offshore outsourcing is no longer holding down IT salaries in the U.S., as it was as recently as last year. Says David Foote, the firm's co-founder, president and head of research, “Companies have become more aware of the difficulties in doing offshoring successfully and achieving anticipated cost savings. They're once again investing in their own people to build and maintain systems critical to their business strategies. And they're using competitive pay to attract and hire workers with the right combinations of technical and business skills to do this.” Pay increases were especially strong for noncertified IT professionals, but they have only begun to make up the ground they have lost over the past four years. Overall median average pay for 89 noncertified skills in the survey grew nearly 5% for the year that ended July 1, to 6.9% of base pay. Over the past four years, pay for such skills has declined over 20%. @ 55698


Morrison to Head
Motorola IT


Motorola Inc. in Schaumburg, Ill., has appointed PATRICIA B. MORRISON senior vice president and CIO. Morrison most recently served as CIO at Office Depot Inc. Previously, she was CIO at The Quaker Oats Co. and at GE Industrial Systems.


McCarthy Gets Nod 
As Aetna CIO 


Aetna Inc. in Hartford, Conn., has named MARGARET McCARTHY senior vice president and CIO, responsible for Aetna Information Services. Previously, McCarthy was vice president and head of business solutions delivery.


McAfee Picks 
Decker as CIO 


McAfee Inc., a provider of IT security software in Santa Clara, Calif., announced that RICHARD J. DECKER has been appointed CIO. Previously, Decker was CIO at Mentor Graphics Corp. and at Measurex, a process control company that’s part of Honeywell Inc.


Tufts University
Names Tynan CIO


Tufts University in Medford, Mass., announced the appointment of AMELIA TYNAN as CIO and vice president for IT, effective Sept. 1. Tynan is currently vice provost and CIO at the University of Rochester in New York.


Air Force CIO
Tapped by SRA


SRA International Inc., a Fairfax, Va.-based provider of IT services and software to federal government organizations, announced the appointment of JOHN M. GILLIGAN as vice president and deputy director of the company’s defense-related operations. Previously, Gilligan was CIO at the U.S. Air Force. He also served as CIO at the Department of Energy.


The Elusive
Executive Sponsor


ONE OF THE biggest predictors of project and program success is having an effective executive sponsor. This is the senior executive who “owns” the program and is responsible for making sure it’s successful. The executive sponsor is typically the one who proposed the program and whose business unit or organization will receive the majority of the program’s benefits. To be effective, he must have enough clout to make any business process or organizational changes the program requires. If your program has a missing, weak or superficially involved executive sponsor, failure is almost inevitable.

If it’s difficult to identify 
who the executive sponsor 
should be, something about 
the proposed program may need to 
change. For example, when a major 
program crosses several organization- 
al boundaries, it may be advantageous 
to break it into individual programs, 
each with its own executive sponsor. 

Alternatively, the problem may be 
a flawed organizational structure. 
One client of mine recognized that its 
worldwide distribution system was in- 
effective and overly expensive. Since 
each region controlled its own logis- 
tics, no one owned the entire process. 
The client had to pull logistics out of 
the business units and create a corpo- 
rate worldwide logistics organization 
in order to revamp its distribution sys- 
tem successfully. 

Even after an appropriate executive sponsor has been identified, he may still resist taking responsibility for the program. An executive may be reluctant to serve as sponsor for a number of reasons:

• He is skeptical about the business case. Make sure you both have done your homework and all the data is correct. Then work with the executive sponsor to revise the business case data until you both agree. If the executive sponsor can’t be convinced of the program’s viability, you'll get lukewarm support at best. Be prepared to walk away from the program.

• He doesn’t feel sufficient pain. If the executive sponsor’s business unit is meeting all of its targets, he may not believe that the new program will be worth the disruption it will cause. Determine whether the program will contribute to some personal win for the executive sponsor. If the personal win is large enough, the executive sponsor may be enticed to sign up.

• He believes it’s an IT program. Even today, some executives believe that any program involving computers is the responsibility of IT. Try to educate your targeted sponsor so that he sees the effort as a business program that is IT-enabled. I have recently seen a number of IT organizations respond to this problem by attempting to sponsor major business programs alone. IT can rarely push a business program through a corporation successfully, however. The majority of these programs are doomed to failure and should be canceled before they waste precious funding.

• He isn’t supporting the program for political reasons. If you believe that the executive is posturing or is afraid of his peers’ reactions, call his bluff by threatening to cancel the program. You will quickly discover whether the objections are genuine.

• He faces personal challenges. If an executive is close to retirement or facing personal difficulties such as a divorce or serious illness, he may not want to take on another major, multiyear challenge. In these cases, it’s best to wait until the crisis has passed or the executive has been replaced.

• He lacks the requisite experience. The executive may not fully understand the responsibilities of an executive sponsor, or he may feel that his expertise is insufficient. Offer to supply the appropriate project management skills in return for his financial and political support of the program. This can be advantageous to IT because it ensures that the project manager will understand the IT side of the business.

An involved and committed executive sponsor is critical to program success. There’s an old joke that at a bacon-and-eggs breakfast, the chicken is involved, but the pig is committed. A good executive sponsor must be both. If he is involved but not committed, you will get lip-service support at best. If he is committed but not sufficiently involved, the program will suffer and probably fail.

Don’t pursue a path that is doomed 
from the start. Do everything possible 
to acquire the necessary executive 
support for major programs upfront. 
Without the leverage provided by an 
effective executive sponsor, you might 
as well cancel the program and invest 
your dollars more wisely elsewhere. 
@ 55508


Cisco Flaw


Basel, Switzerland-based drug 
maker. “Vulnerabilities will al- 
ways exist. Organizations have 
to prepare themselves to be 
able to protect themselves.” 

Security researcher Michael 
Lynn triggered the concerns 
two weeks ago when he made 
a presentation about the router 
flaw at the Black Hat confer- 
ence in Las Vegas. Cisco and 
Atlanta-based Internet Securi- 
ty Systems Inc., Lynn’s former 
employer, had tried to stop 
him from giving his scheduled 
talk [QuickLink 55863]. 

Cisco attempted to prevent 
the information from spread- 
ing by securing a court in- 
junction against Lynn and 
getting Black Hat’s organizers 
to remove his presentation 
from the conference proceed- 
ings. But several security-ori- 
ented Web sites posted copies 
of the presentation, prompt- 
ing Cisco to issue an advisory 
on July 29 in which it urged 
users to upgrade to the latest 
version of its Internetworking 
Operating System software. 





of IOS, and develop a plan for 
replacing the ones that aren't 
upgradable. 


3. SET UP A LAB for testing 
the new IOS images that will be 
installed as part of upgrades. 


4. START THE UPGRADE 
process with the routers that are 
most critical to your operations. 


According to the Cisco advi- 
sory, products running certain 
versions of IOS are vulnerable 
to attacks that use specially 
written IP Version 6 packets. 
Only devices that have been 
explicitly configured to proc- 
ess IPv6 traffic are affected by 
the flaw, Cisco said. 

The information Lynn dis- 
closed shows how malicious 
hackers can compromise 
routers to “stop, redirect and
scramble network traffic,” said
Gene Hodges, president of IT 
security vendor McAfee Inc. 
in Santa Clara, Calif. 

“Up to now, the [security] 
community, I believe, has 
somewhat naively assumed 
that this wasn’t possible,” 
Hodges added, citing the com- 
plexity of attacking routers. 


Potential Reuse 
Although the updated IOS version isn’t vulnerable to the hack detailed by Lynn, any newly discovered buffer or heap overflow vulnerability in the software could be exploited using the same process, warned Jian Zhen, director of product management at LogLogic Inc., a Sunnyvale, Calif.-based vendor of tools for managing network data logs.

“That’s the most scary part of this whole incident,” Zhen said. “The vulnerability is difficult to exploit due to the technical competency required. But all it takes is someone to write the necessary shell code, and ‘script kiddies’ will be able to use that for new vulnerabilities discovered in the future.”


Hackers Bypass Microsoft’s Antipiracy Checks 


MICROSOFT CORP. has acknowledged that hackers were quickly able to bypass a process it implemented late last month to ensure that users trying to download software updates from its Web site have legitimate copies of Windows.

A July 28 posting on the Boing Boing weblog claimed that a JavaScript command string could bypass the software-key check in Microsoft's Windows Genuine Advantage 1.0 program. According to the posting, users can override WGA by pasting the command in the address bar of their browser and pressing Enter. The code “turns off the trigger for the key check,” the posting said.

WGA requires users to run a program to verify that their copies of Windows aren't pirated before they can use Microsoft's software update services. Microsoft had been running it as a pilot program since last September but made the validation process a requirement on July 27.

“Within 24 hours, hackers claimed to have circumvented the process, and it appears that they did,” a Microsoft spokesman said. He added that the company will fix the flaw that was exploited in an upcoming version of WGA.

The Boing Boing hack isn't the only way to get around WGA’s restrictions that has come to light. David Keller, founder of PC consulting and services firm Compu-Doctor in Cape Coral, Fla., said in an interview conducted via e-mail that he was able to change his Internet Explorer settings to bypass WGA. He discovered means to do so after he encountered a flaw in the program that flagged a legitimate product key on a customer's copy of Windows XP Professional Service Pack 2 as invalid.

Keller wrote that he didn’t have much luck working with Microsoft's support technicians, so he disabled the WGA add-on within the browser's Internet Options menu.

- Elizabeth Montalbano and Robert McMillan, IDG News Service


Cisco Resets Users’ Web Passwords


CISCO LAST WEEK said it was resetting the passwords for all registered users of its Web site after discovering a security vulnerability in its search engine software that left those passwords exposed.

The passwords are used by Cisco customers, employees and business partners who have registered to get access to special areas of the Web site or receive e-mail alerts, said Cisco spokesman John Noh.

Cisco was made aware of the flaw in the search engine last Monday and corrected it immediately, Noh said. He added that as a precaution, the company began sending out new passwords and blocked users from accessing the password-protected areas of the Web site with their old ones.

According to Noh, Cisco officials don’t think the vulnerability could be exploited to gain access to any sensitive information, such as the company's source code. He also said that the security hole didn’t affect any of the products or technologies that Cisco sells.

Cisco uses Google Inc.'s software to power the main search feature on its Web site, but the problem didn’t involve Google, Noh noted.

“It's a vulnerability related to a Cisco search tool,” he said. “It's part of the Web application.”

- Robert McMillan, IDG News Service


Zhen added that Cisco needs to do “a thorough code audit” to identify possible overflow vulnerabilities in IOS and then eradicate them. “It won’t be a simple task, and it will take time, but not doing it will put the Internet at risk,” he said.

Even so, attacking routers isn’t easy as long as companies employ the right defensive measures, said Lloyd Hession, chief information security officer at BT Radianz, a New York-based provider of network connectivity services to financial firms.

“The first tenet of router security is to make the router inaccessible,” Hession said, noting that the devices should be shut off from the Internet as much as possible.

For instance, putting the command-and-control routers that actually process data packets in their own separate network segment can make it harder for hackers to access them, said Paul Mockapetris, inventor of the Internet’s core Domain Name System and chairman of IP address management vendor Nominum Inc. in Redwood City, Calif.

“That’s why carriers run separate control networks,” Mockapetris said. “An attacker has to first get on that net before he can launch an attack. It’s just the basic principle of multiple lines of defense.”

The bigger headache for large companies from the IOS flaw is the disruption associated with updating vulnerable routers, Hession said. BT Radianz has more than 40,000 routers, the vast majority of them from Cisco, and updating them could require several months of planning, testing and scheduled downtime, Hession said.

As a result, he noted, patching decisions need to be balanced against the mitigation measures that the company already has in place, such as address masking, out-of-band management and access filtering. @ 56022


MORE NEWS ONLINE 


What are thought to be the first viruses targeting Microsoft's Vista OS have surfaced:

QuickLink 56003
www.computerworld.com


Deliver the Goods


THE BIGGEST IDEA at last week’s O’Reilly Open Source Convention didn’t have anything to do with open-source software. At least, not particularly with open-source. The idea is this: You drive costs out of IT by identifying commodity functions and doing them more cheaply, while you gain business advantage with IT by identifying unique ways you can assemble IT components to let users do things your company’s competitors can’t.

Get it? Then you’re smarter than me. I had to hear different angles on this idea from a half-dozen people before I realized they were all actually talking about the same thing.

And it’s really not an open-source idea. Sure, you can decide to perform a commodity function with open-source software — say, Linux or Apache or MySQL — if that’s cheaper than whatever you’ve been using. But instead, you might use a less-expensive proprietary software product. Or you might outsource the function. Or refactor a process to make it cheaper without changing the technology behind it.

That’s the competition that open-source software is facing. And open-source people have figured it out. Oh, not all of them — there are plenty of code jockeys around who'll never care about anything at a higher level than queue optimization or race-condition resolution.

But companies like SourceLabs and SpikeSource understand that they can drive cost and risk out of open-source “stacks” — collections of software that perform standard functions. No more endless some-assembly-required fiddling to figure out what works together when all you want to do is some commodity IT function. Commodities shouldn’t be hard or expensive, because they offer no business advantage except saving money. Yes, open-source people have figured out the virtue in being cheap and easy.

Cutting costs is only half the idea, though. The other half is gaining competitive advantage. Businesses do that when they have something their competitors don’t. That won’t be something they can buy off the shelf — their competitors can all buy the same stuff. And that something can’t come from using industry best practices, because everyone else can follow the same recipes.

Once, IT would have looked for unique advantage by writing big custom applications. But today that takes too long and is too inflexible.

Instead, open-source-using companies like Google and Yahoo have figured out that their secret sauce is in the way they put together pieces of IT — software, hardware, networks and practices. Anyone can acquire the gear these companies use. How they put it together is the difference.

And why they put it together that way is the advantage. A clever architecture doesn’t mean a thing if it doesn’t help salespeople sell more products, HR people keep employees happier, managers run things more efficiently or executives steer the company more effectively.

When your users can do things competitors can’t, you win business. When IT makes that possible, we’re delivering the goods.

Again, that’s not an open-source idea. Those IT components you string together might just as easily be proprietary or homegrown or software as a service. Open-source doesn’t even have to be in the mix.

But users do. They’re the ones who'll dope out the business end: how to sell a little more, how to manage a little smarter. And annoying as their clever, nonstandard computer tricks might be, that’s where you'll find the competitive advantages that IT can support.

And that will happen only if IT pays attention to users and doesn’t fight unusual behavior, but turns it into secret sauce instead.

That’s the big idea. And it raises an even bigger question.

If the open-source crowd can figure out the relationships between IT commodities, users and competitive advantage, why can’t we? @ 55986